IBM X-Force published my SyndeoCMS Advisory

Yesterday IBM X-Force published my Advisory regarding a new CSRF vulnerability that I’ve found in SyndeoCMS.
This vulnerability allows an attacker to change the administrator password and gain access to the system.

IBM classified this vulnerability as “Highly Exploitable”.

For more details about the IBM X-Force publication:

ContaoCMS (fka TYPOlight) 2.11 CSRF (Delete Admin - Delete Article)

ContaoCMS (fka TYPOlight) version 2.11 (and lower) is affected by a CSRF vulnerability which allows an attacker to delete administrators/users, articles, news, newsletters and so on.
I’ve created an Advisory describing this vulnerability and the methods to exploit it:
ContaoCMS Ivano Binetti’s Advisory

Other web sites have reported my security Advisory:

IBM X-Force published my PlumeCMS Advisory

A few days ago I discovered a new CSRF vulnerability which affects all versions of Plume CMS, including the latest (1.2.4).
Today IBM X-Force published my Advisory and classified the “Exploitability” of this vulnerability as “High”.
For more details: