Server side request forgery (ssrf)

2010-07-1213:27:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.4%

JSON

siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request.

References

packetstormsecurity.org/1006-exploits/pagedirector-sqladdadmin.txt

secunia.com/advisories/40367

www.osvdb.org/65831

www.vupen.com/english/advisories/2010/1633

www.exploit-db.com/exploits/14089