Lucene search
K

4 matches found

NVD
NVD
added 2015/09/29 7:59 p.m.34 views

CVE-2015-5075

Cross-site request forgery CSRF vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create...

6.8CVSS6.9AI score0.02756EPSS
Exploits4References5
Cvelist
Cvelist
added 2015/09/29 7:0 p.m.31 views

CVE-2015-5075

Cross-site request forgery CSRF vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create...

6.9AI score0.02756EPSS
Exploits4References5
CVE
CVE
added 2015/09/29 7:0 p.m.64 views

CVE-2015-5075

CVE-2015-5075 affects X2Engine X2CRM (affected: 4.2; fixed: 5.2). Root cause: missing CSRF protections in index.php/users/create, enabling remote attackers to create an administrator account and hijack admin authentication. Exploitation details and advisories are documented in Portcullis/Exploit-...

6.8CVSS7.1AI score0.02756EPSS
Exploits4References5Affected Software1
exploitpack
exploitpack
added 2015/09/25 12:0 a.m.42 views

X2Engine 4.2 - Cross-Site Request Forgery

X2Engine 4.2 - Cross-Site Request Forgery Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to...

6.8CVSS0.9AI score0.02756EPSS
Exploits4
Rows per page
Query Builder