CVE-2015-1374

Name of the Vulnerable Software and Affected Versions ferretCMS version 1.0.4-alpha

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities in the admin.php file. These vulnerabilities allow remote attackers to hijack the authentication of administrators, potentially leading to cross-site scripting (XSS), SQL injection, or unrestricted file upload attacks.

Recommendations For ferretCMS version 1.0.4-alpha, as a temporary workaround, consider disabling the admin.php file until a patch is available. Restrict access to the admin interface to minimize the risk of exploitation. Avoid using the admin.php file for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.