10 matches found
EUVD-2017-1253
Malware in sbrugna...
Cross site request forgery (csrf)
app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI...
CVE-2019-16706
kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cmsuseradd.php...
Unauthorised Admin User Account Creation
https://github.com/goharbor/harbor is vulnerable to unauthorized admin user account creation. During a registration of a non-admin user, a request from non-admin user to create admin user account is not validated, allowing a low-privileged user to create an admin user account...
Cross site request forgery (csrf)
PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account including administrator via an HTTP request because /api/addusers doesn't check, or doesn't properly check, user rights...
CVE-2018-18422
UsualToolCMS 8.0 allows CSRF for adding a user account via the cmsadmin/aadminx.php?x=a URI...
Cross site request forgery (csrf)
qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account...
CVE-2018-13445
An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/adminmanager.php?action=add...
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)
WUZHI CMS 4.1.0 - Cross-Site Request Forgery Add User Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add user account Date: 2018-04-10 Exploit Author: taoge Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE :...
Cross site request forgery (csrf)
atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account...