bay0net

5 exploits Active since Jun 2018
CVE-2018-13031 EXPLOITDB HIGH html WORKING POC
DamiCMS 6.0.0 and 6.1.0 - Cross-Site Request Forgery via Admin Account Addition
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.
CVSS 8.8
CVE-2018-12114 EXPLOITDB HIGH html WORKING POC
Maccms 10 - Cross-Site Request Forgery via Admin Account Creation
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
CVSS 8.8
CVE-2018-12603 EXPLOITDB HIGH html WORKING POC
LFCMS 3.7.0 - Cross-Site Request Forgery via Admin User Addition
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.
CVSS 8.8
CVE-2018-12602 EXPLOITDB HIGH html WORKING POC
LFCMS 3.7.0 - Cross-Site Request Forgery
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.
CVSS 8.8
CVE-2018-12739 EXPLOITDB HIGH html WORKING POC
BEESCMS 4.0 - Cross-Site Request Forgery
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
CVSS 8.8