2025-09-30 10:04:54
CERT-PL
PUBLISHED
PAD CMS is vulnerable to Cross-Site Request Forgery in reset passwords functionality. Malicious attacker can craft special website, which when visited by the victim, will automatically send a POST request changing currently logged users password to defined by the attacker value. This issue affects all 3 templates: www, bip and www+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability.