33 matches found
CVE-2018-25200 OOP CMS BLOG 1.0 Cross-Site Request Forgery via addUser.php
OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms to the addUser.php endpoint with parameters including userName, password, email, and ro...
CVE-2018-25200
OOP CMS BLOG 1.0 is affected by a cross-site request forgery via addUser.php that allows unauthenticated creation of an administrative user by posting userName, password, email, and role parameters. Root cause is CSRF enabling admin account creation without authentication. Impact: potential unaut...
Zsoft OOP CMS BLOG Cross-Site Request Forgery Vulnerability
Zsoft OOP CMS BLOG is a content management system blog platform developed by Zsoft Company in Bangladesh. Version 1.0 of Zsoft OOP CMS BLOG contains a cross-site request forgery vulnerability. This vulnerability stems from the addUser.php file, which has cross-site request forgery issues,...
PT-2026-23709
Name of the Vulnerable Software and Affected Versions: OOP CMS BLOG version 1.0. Description: The software is susceptible to a cross-site request forgery issue. Unauthenticated attackers can create administrative user accounts by submitting specially designed POST requests. The attack targets the...
CVE-2024-1529 Cross-site Scripting in CMS Made Simple
Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript...
CMS Contabil Bandeirantes 1.0.0 Cross Site Request Forgery
Title: CMSContábil Bandeirantes V 1.0.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 61.0.1...
XEL CMS 1.1 Cross Site Request Forgery
Title: XEL cms© v1.1 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 66.0.332-bit | Vendor:...
Loan Management System 1.0 Cross Site Scripting
Exploit Title: Loan Management System - Stored XSS on several parameters Date: 28/07/2022 Exploit Author: saitamang Vendor Homepage: sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/razormist/LMS.zip Version: 1.0 Tested on: Centos 7 apache2 + MySQL There a...
OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category: Webapps Tested on...
Cross site request forgery (csrf)
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser...
CVE-2018-16339
An issue was discovered in EmpireCMS 7.0. There is a CSRF vulnerability that can add administrators via upload/e/admin/user/AddUser.php?enews=AddUser...
Cross-site Request Forgery (CSRF)
CMS Made Simple is vulnerable to cross-site request forgery (CSRF) attacks. A malicious user can hijack the authentication of admins for requests to create accounts through an admin/adduser.php request...
CVE-2016-7904
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple before 2.1.6 allows remote attackers to hijack the authentication of administrators for requests that create accounts via an admin/adduser.php request...
CVE-2016-7904
CMS Made Simple CVE-2016-7904 is a CSRF in admin/adduser.php that lets an attacker hijack admin authentication to create accounts on versions before 2.1.6. Impact includes unauthorized admin account creation; remediation is to upgrade to 2.1.6 or newer.
Malware exploit: Vertexnet V1.1.1
Type: Flood Bots Author: Xylitol !/usr/bin/perl VertexNet v1.1.1 Flood Bots http://www.virustotal.com/file-scan/report.html?id=fd373a8f4adf29001d282b963f126f760afcf3e58117f6024b2d65a36d41f617-1305491791 Xyl2k! :þ use HTTP::Request; use LWP::UserAgent; $URL = "http://localhost/Panel/adduser.php";...
myBloggie 2.1.2/2.1.3 adduser.php errormsg Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
ITA Forum <= 1.49 SQL Injection Exploit
No description provided by source. !/usr/bin/perl use LWP::UserAgent; ITA Forum 1.49 sql injection exploit with one char bruteforce by 1dt.w0lf // r57 example: r57ita.pl http://127.0.0.1/ITA...
CVE-2010-2685
CVE-2010-2685 concerns Customer Paradigm PageDirector CMS. The issue arises from improper access control in siteadmin/adduser.php, allowing remote attackers to bypass restrictions and add administrative users via a direct request. The vulnerability is documented with a high severity (CVSS v2 base...
CVE-2010-2685
siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request...
PageDirector CMS - Multiple Vulnerabilities
PageDirector CMS - Multiple Vulnerabilities Exploit Title : PageDirector CMS Multiple Vulnerabilities Date : 20 - 6 - 2010 Author : Tr0y-x Vendor : www.customerparadigm.com Version : All Versions Tested on : Linux Home : WwW.SeC-WaR.CoM Price : 675.00 $ loooooolz -== SQL Injection Vulenrability =...