** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter.
References
Link | Resource |
---|---|
https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1295 | Exploit Third Party Advisory |
Configurations
Information
Published : 2018-09-16 14:29
Updated : 2018-11-28 13:19
NVD link : CVE-2018-17103
Mitre link : CVE-2018-17103
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
get-simple
- getsimple_cms