bay0net - Security Researcher - Exploit Intelligence Platform

CVE-2018-13031 EXPLOITDB HIGH html WORKING POC

Damicms - CSRF

DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.

CVSS 8.8

View Code

CVE-2018-12114 EXPLOITDB HIGH html WORKING POC

Maccms 10 - CSRF

Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.

CVSS 8.8

View Code

CVE-2018-12603 EXPLOITDB HIGH html WORKING POC

LFCMS 3.7.0 - CSRF

Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.

CVSS 8.8

View Code

CVE-2018-12602 EXPLOITDB HIGH html WORKING POC

LFCMS 3.7.0 - CSRF

A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.

CVSS 8.8

View Code

CVE-2018-12739 EXPLOITDB HIGH html WORKING POC

BEESCMS 4.0 - CSRF

In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.

CVSS 8.8

View Code