CVE-2018-17103

2018-09-1621:00:00

mitre

www.cve.org

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

46.6%

JSON

An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator’s password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter

References

github.com/GetSimpleCMS/GetSimpleCMS/issues/1295