Lucene search
CVE-2018-12739
BEESCMS 4.0, CSRF allows admin addition, related to CVE-2018-10266
Show more
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | CVE-2018-12739 | 5 Jul 201820:00 | – | cvelist |
| CVE-2018-10266 | 21 Apr 201817:00 | – | cvelist |
 | Cross site request forgery (csrf) | 5 Jul 201820:29 | – | prion |
| Cross site request forgery (csrf) | 22 Apr 201801:29 | – | prion |
 | CVE-2018-12739 | 5 Jul 201820:29 | – | nvd |
| CVE-2018-10266 | 22 Apr 201801:29 | – | nvd |
 | BEESCMS 4.0 Cross Site Request Forgery | 28 Jun 201800:00 | – | packetstorm |
 | BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin) Vulnerability | 28 Jun 201800:00 | – | zdt |
 | BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin) | 28 Jun 201800:00 | – | exploitdb |
 | BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)(CVE-2018-12739) | 29 Jun 201800:00 | – | seebug |
10
| Source | Link |
|---|---|
| exploit-db | www.exploit-db.com/exploits/44952/ |
| cnblogs | www.cnblogs.com/v1vvwv/p/9226389.html |
| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| admin_name | request body | /beescms/admin/admin_admin.php | CSRF vulnerability allows arbitrary addition of administrators. | CWE-352 |
| admin_password | request body | /beescms/admin/admin_admin.php | CSRF vulnerability allows arbitrary addition of administrators. | CWE-352 |
| admin_password2 | request body | /beescms/admin/admin_admin.php | CSRF vulnerability allows arbitrary addition of administrators. | CWE-352 |
| admin_nich | request body | /beescms/admin/admin_admin.php | CSRF vulnerability allows arbitrary addition of administrators. | CWE-352 |
| purview | request body | /beescms/admin/admin_admin.php | CSRF vulnerability allows arbitrary addition of administrators. | CWE-352 |
| admin_admin | request body | /beescms/admin/admin_admin.php | CSRF vulnerability allows arbitrary addition of administrators. | CWE-352 |
| admin_mail | request body | /beescms/admin/admin_admin.php | CSRF vulnerability allows arbitrary addition of administrators. | CWE-352 |
| admin_tel | request body | /beescms/admin/admin_admin.php | CSRF vulnerability allows arbitrary addition of administrators. | CWE-352 |
| is_disable | request body | /beescms/admin/admin_admin.php | CSRF vulnerability allows arbitrary addition of administrators. | CWE-352 |
| action | request body | /beescms/admin/admin_admin.php | CSRF vulnerability allows arbitrary addition of administrators. | CWE-352 |
10
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo05 Jul 2018 20:29Current
8.5High risk
Vulners AI Score8.5
CVSS26.8
CVSS38.8
EPSS0.00249