Backdrop CMS is an open source content management system (CMS). A cross-site request forgery vulnerability exists in Backdrop CMS, which stems from obtaining remote code execution (RCE) on a hosted web server by uploading a malicious add-on with a crafted PHP file. No details of the vulnerability are currently available.