CSRF vulnerability in flatCore version 1.4.6 allows remote malicious users to modify CMS configurations.
flatcore flatcore-cms 1.4.6