2 matches found
CVE-2026-28281
InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability...
PT-2026-24135
Name of the Vulnerable Software and Affected Versions InstantCMS versions prior to 2.18.1 Description InstantCMS does not properly validate Cross-Site Request Forgery CSRF tokens. This allows attackers to perform actions on behalf of a user without their knowledge. Specifically, an attacker could...