← back
CVE-2014-8953

CVE-2014-8953

EPSS 2.3%
Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/129102/Whos-Who-Script-Cross-Site-Request-Forgery.htmlunverifiedcve_referencewww.exploit-db.com/exploits/35129unverifiedexploitdbwww.exploit-db.com/exploits/35129unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/129102/Whos-Who-Script-Cross-Site-Request-Forgery.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/98631http://www.exploit-db.com/exploits/35129