CVE-2018-15565

Name of the Vulnerable Software and Affected Versions daveismyname simple-cms through 2014-03-11

Description The issue allows for adding a page without requiring authentication, which can be exploited via CSRF. This is due to a lack of authentication requirement in the "admin/addpage.php" endpoint.

Recommendations For daveismyname simple-cms through 2014-03-11, consider implementing proper authentication mechanisms for the "admin/addpage.php" endpoint to prevent unauthorized access. As a temporary workaround, restrict access to the "admin/addpage.php" endpoint to minimize the risk of exploitation.