Published: 13/01/2019 Updated: 16/01/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 686

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

An issue exists in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hucart hucart 5.7.4

<!-- # Exploit Title: Hucart cms v574 CSRF vulnerability add administrator account # Date: 2019-01-13 # Exploit Author: AllenChen（520allen@gmailcom） # Vendor Homepage: wwwhucartcom/ # Software Link: wwwhucartcom/ # Version: v574 # CVE : CVE-2019-6249 An issue was discovered in HuCart v574 There is a CSRF vulnerabi ...

Hucart CMS version 574 suffers from a cross site request forgery vulnerability ...

CVE-2019-6249 Hucart cms 复现环境

CVE-2019-6249_Hucart cms 一、漏洞摘要漏洞名称: Hucart cms v574 CSRF漏洞可任意增加管理员账号上报日期: 2019-01-13 漏洞发现者: AllenChen（520allen@gmailcom）产品首页: wwwhucartcom/ 软件链接: wwwhucartcom/ 版本: v574 CVE编号: CVE-2019-6249\ 二、漏洞概述 Hucart cms v574版本存在一个CSRF漏洞�

CVE-2019-6249 Hucart cms 复现环境

CVE-2019-6249_Hucart cms 一、漏洞摘要漏洞名称: Hucart cms v574 CSRF漏洞可任意增加管理员账号上报日期: 2019-01-13 漏洞发现者: AllenChen（520allen@gmailcom）产品首页: wwwhucartcom/ 软件链接: wwwhucartcom/ 版本: v574 CVE编号: CVE-2019-6249\ 二、漏洞概述 Hucart cms v574版本存在一个CSRF漏洞�

CWE-352 http://www.iwantacve.cn/index.php/archives/109/https://www.exploit-db.com/exploits/46149/https://nvd.nist.gov https://www.exploit-db.com/exploits/46149 https://github.com/AlphabugX/CVE-2019-6249_Hucart-cms

CVE-2019-6249

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect