CVE-2026-28281 InstantCMS has Multiple CSRF Vulnerabilities

InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...

EUVD-2026-10405

InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...

PT-2024-23855 · Unknown · Instantcms

Name of the Vulnerable Software and Affected Versions: InstantCMS version 2.16.2 Description: A SQL injection issue affects the application, allowing an attacker with administrative privileges to execute unauthorized SQL code. The vulnerability exists in the index chart data action, which receive...

Instant CMS <= 1.1rc3 Admin (Auth Bypass) Vulnerability

======================================================= Instant CMS = 1.1rc3 Admin Auth Bypass Vulnerability ======================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,/ / 1 1 // /' / // /' / /' 0 0 ...

Instant CMS <= 1.1rc3 Admin (Auth Bypass) Vulnerability

Exploit for php platform in category web applications ======================================================= Instant CMS Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 0 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1 + Discovered By :...