6.8

CVE-2013-2754

Exploit
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.
Data provided by the National Vulnerability Database (NVD)
Umi-cms Umi.Cms Version <= 2.9
Umi-cms Umi.Cms Version 2.3.3.9
Umi-cms Umi.Cms Version 2.5.0
Umi-cms Umi.Cms Version 2.5.2
Umi-cms Umi.Cms Version 2.5.3
Umi-cms Umi.Cms Version 2.6
Umi-cms Umi.Cms Version 2.6.1
Umi-cms Umi.Cms Version 2.6.2
Umi-cms Umi.Cms Version 2.6.3
Umi-cms Umi.Cms Version 2.6.4
Umi-cms Umi.Cms Version 2.6.5
Umi-cms Umi.Cms Version 2.6.7
Umi-cms Umi.Cms Version 2.6.8
Umi-cms Umi.Cms Version 2.7.0
Umi-cms Umi.Cms Version 2.7.2
Umi-cms Umi.Cms Version 2.7.3
Umi-cms Umi.Cms Version 2.7.4
Umi-cms Umi.Cms Version 2.8.0
Umi-cms Umi.Cms Version 2.8.0.5
Umi-cms Umi.Cms Version 2.8.1
Umi-cms Umi.Cms Version 2.8.1.2
Umi-cms Umi.Cms Version 2.8.1.3
Umi-cms Umi.Cms Version 2.8.2
Umi-cms Umi.Cms Version 2.8.3
Umi-cms Umi.Cms Version 2.8.4
Umi-cms Umi.Cms Version 2.8.4.1
Umi-cms Umi.Cms Version 2.8.4.2
Umi-cms Umi.Cms Version 2.8.4.3
Umi-cms Umi.Cms Version 2.8.4.4
Umi-cms Umi.Cms Version 2.8.5
Umi-cms Umi.Cms Version 2.8.5.1
Umi-cms Umi.Cms Version 2.8.5.2
Umi-cms Umi.Cms Version 2.8.5.3
Umi-cms Umi.Cms Version 2.8.6
Umi-cms Umi.Cms Version 2.8.6.1
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.27% | 0.5
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.8 | 8.6 | 6.4 | AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.