CMS Made Simple is vulnerable to cross-site request forgery (CSRF) attacks. A malicious user can hijack the authentication of admins for requests to create accounts through an admin/adduser.php
requests.
CPE | Name | Operator | Version |
---|---|---|---|
torfs-ict/cmsms | le | 2.1.5.6 |