CVE-2018-17069

Name of the Vulnerable Software and Affected Versions UNL-CMS version 7.59

Description An issue was discovered that allows a CSRF attack to create new content. The attack can be performed via the API endpoint "/node/add/article" with specific parameters, including "render=overlay".

Recommendations For UNL-CMS version 7.59, as a temporary workaround, consider restricting access to the "/node/add/article" API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.