CVE-2018-17103: CSRF
First published: Sun Sep 16 2018(Updated: )
** DISPUTED ** An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Get-simple Getsimple Cms | =3.3.13 | |
| =3.3.13 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2018-17103.
What is the severity level of CVE-2018-17103?
CVE-2018-17103 has a severity level of 8.8 (high).
What is the affected software of CVE-2018-17103?
The affected software of CVE-2018-17103 is GetSimple CMS version 3.3.13.
What is the impact of the vulnerability in GetSimple CMS?
The vulnerability allows an attacker to change the administrator's password.
Is there a fix available for CVE-2018-17103?
The vendor has not provided a fix for CVE-2018-17103. Please contact the vendor for further information.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/status
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- status/disputed
- vendor/get-simple
- canonical/get-simple getsimple cms
- version/get-simple getsimple cms/3.3.13