OpenSolution QuickCMS Cross-Site Request Forgery Vulnerability in Page Deletion Functionality

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in OpenSolution QuickCMS version 6.8, specifically within the page deletion feature. This vulnerability allows a malicious attacker to create a website that, when visited by an administrator, automatically sends a POST request to delete an article. While the vendor was notified about this issue, no details regarding the vulnerability or affected version range were provided. Only QuickCMS version 6.8 has been tested and confirmed as vulnerable, leaving the status of other versions uncertain.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of articles by tricking an administrator into visiting a malicious website.

Added: Aug 28, 2025, 12:49 PM

Updated: Aug 28, 2025, 12:49 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

6.5

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

6.5

remediation

0.0

relevance

0.4

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenSolution QuickCMS Cross-Site Request Forgery Vulnerability in Page Deletion Functionality

Vulnerability

Impact

Affected Products

OpenSolution QuickCMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating