15 matches found
CVE-2020-37144
Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting a malicious form to /kulyon.php that adds a new user with administrative privileges without...
CVE-2022-29647
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do...
CVE-2020-35347
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser=add...
CVE-2024-57523
Cross Site Request Forgery CSRF in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user...
PimpMyLog 1.7.14 Improper Access Control
Exploit Title: PimpMyLog v1.7.14 - Improper access control Date: 2023-07-10 Exploit Author: thoughtfault Vendor Homepage: https://www.pimpmylog.com/ Software Link: https://github.com/potsky/PimpMyLog Version: 1.5.2-1.7.14 Tested on: Ubuntu 22.04 CVE : N/A Description: PimpMyLog suffers from...
CVE-2022-22294
A SQL injection vulnerability exists in ZFAKA=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account...
CVE-2020-24271
A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=&password=...
CVE-2012-1563
Joomla! before 2.5.3 allows Admin Account Creation...
CVE-2019-9958
The CVE-2019-9958 entry affects Quadbase EspressReport ES (ERES) v7.0 update 7, where a CSRF flaw in the admin panel allows remote attackers to escalate privileges or create new admin accounts by coercing an authenticated admin’s session to perform unintended requests. The vulnerability arises fr...
Cross site request forgery (csrf)
A CSRF vulnerability was found in Verydows v2.0 that can add an admin account via index.php?m=backend&c=admin&a=add&step=submit...
PT-2018-3907 · Cisco · Cisco Fxos +2
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software versions prior to the fixed version Cisco NX-OS Software versions prior to the fixed version Description: A vulnerability in the write-erase feature of Cisco FXOS Software and Cisco NX-OS Software could allow an...
CVE-2018-10265
An issue was discovered in HongCMS v3.0.0. There is a CSRF vulnerability that can add an administrator account via the admin/index.php/users/save URI...
CVE-2018-10117
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP...
AIOCP 1.4.001 CSRF Vulnerability
Exploit for php platform in category web applications img...
CVE-2009-1771
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the 1 usersfullname, 2 usersemail, 3 usersroleid, 4 usersusername, and 5 userspassword parameters...