Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2013-2754

Published: 11/03/2014 Updated: 12/03/2014
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Umi.cms

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS prior to 2.9 build 21905 allows remote malicious users to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.

Vulnerable Product Search on Vulmon Subscribe to Product

umi-cms umi.cms 2.8.6

umi-cms umi.cms 2.8.5.2

umi-cms umi.cms 2.8.4

umi-cms umi.cms 2.8.2

umi-cms umi.cms 2.8.0

umi-cms umi.cms 2.7.3

umi-cms umi.cms 2.7.0

umi-cms umi.cms 2.6.3

umi-cms umi.cms 2.6.1

umi-cms umi.cms 2.8.6.1

umi-cms umi.cms 2.8.1.3

umi-cms umi.cms 2.8.1.2

umi-cms umi.cms 2.8.1

umi-cms umi.cms 2.8.0.5

umi-cms umi.cms 2.5.3

umi-cms umi.cms 2.5.2

umi-cms umi.cms 2.5.0

umi-cms umi.cms 2.3.3.9

umi-cms umi.cms 2.8.5

umi-cms umi.cms 2.8.4.4

umi-cms umi.cms 2.8.4.3

umi-cms umi.cms 2.8.4.2

umi-cms umi.cms 2.6.8

umi-cms umi.cms 2.6.7

umi-cms umi.cms 2.6.5

umi-cms umi.cms 2.6.4

umi-cms umi.cms 2.8.5.3

umi-cms umi.cms 2.8.5.1

umi-cms umi.cms 2.8.4.1

umi-cms umi.cms 2.8.3

umi-cms umi.cms 2.7.4

umi-cms umi.cms 2.7.2

umi-cms umi.cms 2.6.2

umi-cms umi.cms 2.6

umi-cms umi.cms

Exploits

Exploit DB: UMI CMS 2.9 - Cross-Site Request Forgery
Advisory ID: HTB23151 Product: UMICMS Vendor: OOO Umisoft Vulnerable Version(s): 29 and probably prior Tested Version: 29 Vendor Notification: April 3, 2013 Vendor Patch: May 7, 2013 Public Disclosure: May 8, 2013 Vulnerability Type: Cross-Site Request Forgery [CWE-352] CVE Reference: CVE-2013-2754 Risk Level: Medium CVSSv2 Base Score: 51 ( ...
Exploit DB: UMI.CMS 2.9 Cross Site Request Forgery
UMICMS version 29 suffers from a cross site request forgery vulnerability Fixed in version 29 build 21905 ...

References

CWE-352http://www.exploit-db.com/exploits/25449http://archives.neohapsis.com/archives/bugtraq/2013-05/0029.htmlhttp://osvdb.org/93104https://www.htbridge.com/advisory/HTB23151http://packetstormsecurity.com/files/121564/UMI.CMS-2.9-Cross-Site-Request-Forgery.htmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/25449/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook