CVE-2013-2754

🗓️ 11 Mar 2014 15:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 58 Views🌐 WEB

CVE-2013-2754 CSRF vulnerability in Umisoft UMI.CM

Reporter	Title	Published	Views	Family All 11
0day.today	UMI.CMS 2.9 Cross Site Request Forgery Vulnerability	9 May 201300:00	–	zdt
Cvelist	CVE-2013-2754	11 Mar 201415:00	–	cvelist
Exploit DB	UMI CMS 2.9 - Cross-Site Request Forgery	14 May 201300:00	–	exploitdb
EUVD	EUVD-2013-2693	7 Oct 202500:30	–	euvd
exploitpack	UMI CMS 2.9 - Cross-Site Request Forgery	14 May 201300:00	–	exploitpack
htbridge	Cross-Site Request Forgery (CSRF) in UMI.CMS	3 Apr 201300:00	–	htbridge
NVD	CVE-2013-2754	11 Mar 201419:37	–	nvd
Packet Storm	UMI.CMS 2.9 Cross Site Request Forgery	8 May 201300:00	–	packetstorm
Prion	Cross site request forgery (csrf)	11 Mar 201419:37	–	prion
securityvulns	Cross-Site Request Forgery (CSRF) in UMI.CMS	10 May 201300:00	–	securityvulns

NVD

Node

umi-cms umi.cmsRange≤2.9

umi-cms umi.cmsMatch2.3.3.9

umi-cms umi.cmsMatch2.5.0

umi-cms umi.cmsMatch2.5.2

umi-cms umi.cmsMatch2.5.3

umi-cms umi.cmsMatch2.6

umi-cms umi.cmsMatch2.6.1

umi-cms umi.cmsMatch2.6.2

umi-cms umi.cmsMatch2.6.3

umi-cms umi.cmsMatch2.6.4

umi-cms umi.cmsMatch2.6.5

umi-cms umi.cmsMatch2.6.7

umi-cms umi.cmsMatch2.6.8

umi-cms umi.cmsMatch2.7.0

umi-cms umi.cmsMatch2.7.2

umi-cms umi.cmsMatch2.7.3

umi-cms umi.cmsMatch2.7.4

umi-cms umi.cmsMatch2.8.0

umi-cms umi.cmsMatch2.8.0.5

umi-cms umi.cmsMatch2.8.1

umi-cms umi.cmsMatch2.8.1.2

umi-cms umi.cmsMatch2.8.1.3

umi-cms umi.cmsMatch2.8.2

umi-cms umi.cmsMatch2.8.3

umi-cms umi.cmsMatch2.8.4

umi-cms umi.cmsMatch2.8.4.1

umi-cms umi.cmsMatch2.8.4.2

umi-cms umi.cmsMatch2.8.4.3

umi-cms umi.cmsMatch2.8.4.4

umi-cms umi.cmsMatch2.8.5

umi-cms umi.cmsMatch2.8.5.1

umi-cms umi.cmsMatch2.8.5.2

umi-cms umi.cmsMatch2.8.5.3

umi-cms umi.cmsMatch2.8.6

umi-cms umi.cmsMatch2.8.6.1

Source	Link
osvdb	www.osvdb.org/93104
packetstormsecurity	www.packetstormsecurity.com/files/121564/UMI.CMS-2.9-Cross-Site-Request-Forgery.html
exploit-db	www.exploit-db.com/exploits/25449
archives	www.archives.neohapsis.com/archives/bugtraq/2013-05/0029.html
htbridge	www.htbridge.com/advisory/HTB23151

Parameter	Position	Path	Description	CWE
data[new][login]	request body	admin/users/add/user/do/	CSRF vulnerability allowing creation of a new administrator via a forged POST to /admin/users/add/user/do/	CWE-352
data[new][password][]	request body	admin/users/add/user/do/	CSRF vulnerability allowing creation of a new administrator via a forged POST to /admin/users/add/user/do/	CWE-352
data[new][e-mail]	request body	admin/users/add/user/do/	CSRF vulnerability allowing creation of a new administrator via a forged POST to /admin/users/add/user/do/	CWE-352
data[new][is_activated]	request body	admin/users/add/user/do/	CSRF vulnerability allowing creation of a new administrator via a forged POST to /admin/users/add/user/do/	CWE-352
data[new][fname]	request body	admin/users/add/user/do/	CSRF vulnerability allowing creation of a new administrator via a forged POST to /admin/users/add/user/do/	CWE-352
data[new][groups][]	request body	admin/users/add/user/do/	CSRF vulnerability allowing creation of a new administrator via a forged POST to /admin/users/add/user/do/	CWE-352
data[new][groups][]	request body	admin/users/add/user/do/	CSRF vulnerability allowing creation of a new administrator via a forged POST to /admin/users/add/user/do/	CWE-352
	request body	admin/users/add/user/do/	CSRF vulnerability allowing creation of a new administrator via a forged POST to /admin/users/add/user/do/	CWE-352

06 May 2026 22:30Current

6.9Medium risk

Vulners AI Score6.9

CVSS 26.8

EPSS0.00316

CWE-352