CVE-2014-8429

Cross-site request forgery CSRF vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page...

CVE-2014-8429

CVE-2014-8429 describes a Cross-Site Request Forgery (CSRF) in xEpan CMS (versions 1.0.1 and earlier; affected 1.0.4.1, 1.0.4) where an attacker can hijack administrator sessions by convincing a logged-in admin to perform an action that creates a new administrative account via a crafted request t...