CVE-2010-3883

CMS Made Simple < 1.7.1 - Cross-Site Request Forgery in Change Group Permissions Module

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make permission modifications.

References (2)

Core 2
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40031

Scores

EPSS 0.0009
EPSS Percentile 24.8%

Details

CWE
CWE-352
Status published
Products (31)
cmsmadesimple/cms_made_simple 0.10
cmsmadesimple/cms_made_simple 0.10.3
cmsmadesimple/cms_made_simple 0.10.4
cmsmadesimple/cms_made_simple 0.11 (3 CPE variants)
cmsmadesimple/cms_made_simple 0.11.1
cmsmadesimple/cms_made_simple 0.11.2
cmsmadesimple/cms_made_simple 0.12 (3 CPE variants)
cmsmadesimple/cms_made_simple 0.12.1
cmsmadesimple/cms_made_simple 0.12.2
cmsmadesimple/cms_made_simple 0.13 beta1 (3 CPE variants)
... and 21 more
Published Oct 08, 2010
Tracked Since Feb 18, 2026