An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via admin/settings.php. NOTE: The vendor reported that the PoC was sending a value for the nonce parameter
{ "source": "CPE_STRING", "cpe": "cpe:2.3:a:get-simple:getsimple_cms:3.3.13:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "3.3.13" }, { "last_affected": "3.3.13" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-17103.json"