PT-2009-2023 · Implied By Design · Micro Cms
Staker
Published 2009-03-30 · Updated 2017-09-29
CVE-2008-6553
CVSS v2.0: 7.5 (High)
CVSS v2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Implied by Design Micro CMS (Micro-CMS) version 3.5 (aka 0.3.5)
Description
The issue allows remote attackers to perform certain actions without requiring authentication as an administrator. This includes creating administrative accounts via an "add admin" action, removing administrative accounts via a "delete admin" action, and modifying administrative passwords via a "change password" action.
Recommendations
For Implied by Design Micro CMS (Micro-CMS) version 3.5 (aka 0.3.5), enforce authentication before any administrative action is processed, so that "add admin", "delete admin" and "change password" are only reachable by an authenticated administrator. Until a patch is available, restrict access to the microcms-admin-home.php file as a temporary workaround to minimize the risk of exploitation.
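One way to close the gap the description and recommendations point at, as an added illustration (not Micro CMS's own code): every administrative action in the admin page passes through a single authentication gate before it is dispatched, so no individual action can be reached without a logged-in administrator. The session key admin_id, the action names, the table layout, the CSRF field and the SQLite path are assumptions for this example.

```php
<?php
// Added example, not Micro CMS code. Shows the hardened shape of an admin
// action dispatcher: authenticate first, dispatch second. Session key,
// action names, table columns and database path are assumptions.
declare(strict_types=1);

session_start();

// Gate: every administrative action requires an authenticated admin session
// and a valid anti-CSRF token. Running this once, before the switch, means a
// newly added action cannot accidentally bypass the check.
function requireAdmin(array $post): void
{
    if (empty($_SESSION['admin_id'])) {          // assumed: set only on successful login
        http_response_code(403);
        exit('Authentication required.');
    }
    if (!hash_equals($_SESSION['csrf'] ?? '', (string) ($post['csrf'] ?? ''))) {
        http_response_code(403);
        exit('Invalid request token.');
    }
}

function handleAdminAction(string $action, array $post, PDO $db): void
{
    requireAdmin($post);

    switch ($action) {
        case 'add_admin':
            $hash = password_hash((string) $post['password'], PASSWORD_DEFAULT);
            $stmt = $db->prepare('INSERT INTO admins (username, password_hash) VALUES (?, ?)');
            $stmt->execute([(string) $post['username'], $hash]);
            break;
        case 'delete_admin':
            $stmt = $db->prepare('DELETE FROM admins WHERE id = ?');
            $stmt->execute([(int) $post['id']]);
            break;
        case 'change_password':
            // Bind the change to the logged-in admin; never take the target id from the request.
            $hash = password_hash((string) $post['new_password'], PASSWORD_DEFAULT);
            $stmt = $db->prepare('UPDATE admins SET password_hash = ? WHERE id = ?');
            $stmt->execute([$hash, (int) $_SESSION['admin_id']]);
            break;
        default:
            http_response_code(400);
            exit('Unknown action.');
    }
}

// Assumed entry point for the admin page; the database path is a placeholder.
handleAdminAction((string) ($_POST['action'] ?? ''), $_POST, new PDO('sqlite:microcms.db'));
```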
Exploit
Fix
Weakness: Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Micro Cms