4 matches found
CVE-2015-5075
Cross-site request forgery CSRF vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create...
CVE-2015-5075
Cross-site request forgery CSRF vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create...
CVE-2015-5075
CVE-2015-5075 affects X2Engine X2CRM (affected: 4.2; fixed: 5.2). Root cause: missing CSRF protections in index.php/users/create, enabling remote attackers to create an administrator account and hijack admin authentication. Exploitation details and advisories are documented in Portcullis/Exploit-...
X2Engine 4.2 - Cross-Site Request Forgery
X2Engine 4.2 - Cross-Site Request Forgery Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to...