CVE-2018-15203

Name of the Vulnerable Software and Affected Versions Ignited CMS versions prior to 2017-02-19

Description The issue allows a CSRF attack, enabling an attacker to add pages. This is possible through the "ign/index.php/admin/pages/add page" API endpoint, specifically by manipulating the request to this endpoint.

Recommendations For versions prior to 2017-02-19, as a temporary workaround, consider restricting access to the "ign/index.php/admin/pages/add page" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.