iCMS is a software application, an efficient and simple content management system built with PHP and MySQL. A cross-site request forgery vulnerability exists in iCMS version 7.0.16, which stems from the component do_save() not adequately verifying that a request comes from a trusted user. The vulnerability can be exploited by an attacker to forge a malicious request to trick a victim into clicking to perform a sensitive operation.