PT-2018-13897 · Getsimple · Getsimple Cms
Autismj
·
Published
2018-09-16
·
Updated
2024-08-05
·
CVE-2018-17103
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GetSimple CMS version 3.3.13
Description
An issue was discovered in GetSimple CMS 3.3.13: a cross-site request forgery (CSRF) vulnerability allows an attacker to change the administrator's password via the "admin/settings.php" endpoint by luring a logged-in administrator to a page that submits a forged request in the administrator's browser. The vendor reported that the published proof of concept already supplied a value for the nonce parameter; if the endpoint really requires a valid, session-bound nonce, an attacker who cannot obtain it would not be able to forge the request, so practical exploitability depends on how that nonce is generated and checked.
Recommendations
For GetSimple CMS version 3.3.13, as a temporary workaround, restrict access to the "admin/settings.php" endpoint (for example, at the web server level, to trusted addresses) until a patch is available, and limit who can change the administrator's password to reduce the exposure. Do not assume the nonce parameter alone blocks forged requests until the vendor has resolved the question, and avoid browsing untrusted sites while logged in to the admin panel, since a CSRF needs an authenticated browser session to ride on. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
CSRF
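The attack from the description and the nonce caveat from the recommendations, as an added example that is not the page's or GetSimple's own code: a Python model of a "change password" endpoint in its vulnerable form (authenticates by session cookie only, so a form auto-submitted from an attacker's page succeeds) next to a hardened form (requires a per-session random nonce, compared in constant time, plus an Origin check). The `Request` type, `SITE_ORIGIN`, the session and password stores and the attacker origin are all assumptions for the demo, not GetSimple internals or the real form field names.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SITE_ORIGIN = "https://cms.example"  # assumed origin of the CMS install (hypothetical)


@dataclass
class Request:
    """Minimal model of a request as the handler sees it (assumed, not GetSimple's types)."""
    method: str
    origin: Optional[str]            # value of the browser-set Origin header, if any
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


SESSIONS: dict = {}   # session id -> {"user": ..., "csrf": ...}  (assumed store)
PASSWORDS: dict = {}  # user -> current password, plaintext only for the demo


def login(user: str, password: str) -> str:
    """Create a session and mint a random, per-session CSRF nonce (assumed model)."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    PASSWORDS[user] = password
    return sid


def session_token(sid: str) -> str:
    """What a legitimately rendered settings form would embed as its hidden nonce field."""
    return SESSIONS[sid]["csrf"]


def vulnerable_change_password(req: Request) -> int:
    """Trusts the cookie alone: any page that makes the victim's browser POST here wins."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if req.method != "POST" or sess is None:
        return 403
    PASSWORDS[sess["user"]] = req.form["password"]
    return 200


def hardened_change_password(req: Request) -> int:
    """Same handler with the two checks a CSRF defence needs."""
    sess = SESSIONS.get(req.cookies.get("sid"))
    if req.method != "POST" or sess is None:
        return 403
    # 1. The Origin header must be our own site; a form auto-submitted from an
    #    attacker page arrives with the attacker's origin.
    if req.origin != SITE_ORIGIN:
        return 403
    # 2. The nonce must match the secret bound to this session. A nonce that is
    #    static or derivable without the session would not give this guarantee.
    nonce = req.form.get("nonce", "")
    if not hmac.compare_digest(nonce, sess["csrf"]):
        return 403
    PASSWORDS[sess["user"]] = req.form["password"]
    return 200


def forged_request(victim_sid: str) -> Request:
    """Constructed cross-site request: the attacker's page auto-submits a form in the
    victim's browser. The browser attaches the victim's cookie on its own; the attacker
    knows neither the session id nor the per-session nonce and cannot set them."""
    return Request(
        method="POST",
        origin="https://attacker.example",       # assumed attacker origin
        cookies={"sid": victim_sid},             # added by the victim's browser
        form={"password": "pwned"},              # attacker-chosen new password
    )


if __name__ == "__main__":
    sid = login("admin", "original")
    print("vulnerable:", vulnerable_change_password(forged_request(sid)), PASSWORDS["admin"])
    PASSWORDS["admin"] = "original"
    print("hardened:  ", hardened_change_password(forged_request(sid)), PASSWORDS["admin"])
```

The hardened handler is what the vendor's nonce remark would have to rest on: a proof of concept can only "send a value for the nonce parameter" if that value is obtainable without the victim's session, so the check is only a defence when the nonce is random, session-bound and never exposed to other origins. In a real deployment, marking the session cookie `SameSite=Lax` or `Strict` adds a browser-enforced layer that stops the cookie from being attached to the forged POST in the first place.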
Affected Products
Getsimple Cms