Published: 03/09/2015 Updated: 09/10/2018

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb prior to 7.0.4 allows remote malicious users to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
webgroupmedia cerb

Advisory ID: HTB23269 Product: Cerb Vendor: Webgroup Media LLC Vulnerable Version(s): 703 and probably prior Tested Version: 703 Advisory Publication: August 12, 2015 [without technical details] Vendor Notification: August 12, 2015 Vendor Patch: August 14, 2015 Public Disclosure: September 2, 2015 Vulnerability Type: Cross-Site Request For ...

Cerb version 703 suffers from a cross site request forgery vulnerability ...

CWE-352 https://www.htbridge.com/advisory/HTB23269 https://github.com/wgm/cerb/commit/12de87ff9961a4f3ad2946c8f47dd0c260607144 http://wiki.cerbweb.com/7.0#7.0.4 https://www.exploit-db.com/exploits/38074/http://packetstormsecurity.com/files/133404/Cerb-7.0.3-Cross-Site-Request-Forgery.html http://www.securityfocus.com/archive/1/536376/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/38074/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-6545

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect