2 matches found
CVE-2018-15564
Summary: daveismyname simple-cms (up to 2014-03-11) contains a CSRF vulnerability that can delete any page via the URL admin/?delpage=8. Impact: page deletion via CSRF; no additional exploit details or affected versions beyond the stated date are provided in the connected documents. Notes: no pat...
CVE-2018-15565
The CVE-2018-15565 entry relates to daveismyname simple-cms where admin/addpage.php does not require authentication, enabling page addition without login and enabling CSRF exploitation. Across connected sources (CNVD-2018-16302, NVD/CVE-2018-15565, PRION) the issue is described as an authenticati...