What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud Simple Link Directory simple-link-directory allows Cross Site Request Forgery.This issue affects Simple Link Directory: from n/a through <= 8.8.3.
Explanation of Vulnerability in Simple Terms
02Summary
Simple Link Directory versions 8.8.3 and earlier contain a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious link that, when visited by a logged-in administrator, performs unwanted actions on the site without the administrator's knowledge. The vulnerability requires the victim to click a link or visit a page controlled by the attacker.
What an attacker can do
03Attacker Capabilities
Perform unwanted actions on the site by tricking an admin into clicking a malicious link.
Potential impact on your site
04Site Impact
An attacker can modify site settings or data if they trick an admin into visiting a malicious page.
Conditions required to exploit
05Prerequisites
An administrator must be logged in and click a link or visit a page controlled by the attacker.
Key dates
06Disclosure timeline
December 9, 2025
CVE published
April 28, 2026
Record updated