Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2018-03-24	CVE-2018-8972	Cross-Site Request Forgery (CSRF) vulnerability in Creditwestbank Cwcms Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters. network creditwestbank CWE-352	6.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.