AyaCMS is an extremely simple and free open source Php site building system. a cross-site request forgery vulnerability exists in AyaCMS, which stems from a lack of checking for cross-site request forgery in the softwareβs change of administrator password operation. An attacker could use this vulnerability to change the administrator password or other unspecified impact.