GHSA-4q34-xwfg-pm6w (High)
Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit...
🔗 CVE IDs covered (1)
📋 Description
Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to create or modify news items as an administrator via a crafted form submitted to /api/news-items, due to missing anti-CSRF protection.