PT-2025-34051 · Quick.Cms · Quick.Cms
Kamil Szczurowski +1 · Published 2025-08-20 · Updated 2025-09-08 · CVE-2025-54174
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions:
QuickCMS version 6.8
QuickCMS (affected versions not specified)
Description:
QuickCMS is vulnerable to Cross-Site Request Forgery in the article creation functionality. A malicious attacker can craft a special website that, when visited by an administrator, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified about this issue but did not respond with details or a vulnerable version range.
Recommendations:
QuickCMS version 6.8: Mitigate this issue by implementing CSRF tokens or other appropriate security measures to protect the article creation functionality.
QuickCMS (affected versions not specified): Implement CSRF tokens or other appropriate security measures to protect the article creation functionality.
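The token check recommended above, sketched as an added example; this is not QuickCMS code and not from the vendor. The field name `csrf_token`, the session key and the `create_article()` call are hypothetical, and PHP 8.0 or later is assumed.

```php
<?php
// Added illustration: synchronizer-token CSRF check for a state-changing admin POST.
// All names (csrf_token field, session key, create_article()) are hypothetical,
// not QuickCMS identifiers.
declare(strict_types=1);

// SameSite=Lax keeps the session cookie off cross-site POSTs as a second layer.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

/** Return the per-session token, generating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** True only if the submitted value is a string equal to the session's token. */
function csrf_valid(mixed $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted) && $expected !== ''
        && hash_equals($expected, $submitted); // constant-time comparison
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject before any state change: a page on another origin cannot read the token.
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // create_article($_POST['title'], $_POST['content']);  // hypothetical handler
    exit('Article created');
}
?>
<form method="post">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input name="title"> <textarea name="content"></textarea>
  <button type="submit">Create article</button>
</form>
```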
Fix
CSRF
Affected Products
Quick.Cms