CVE-2004-1995
MEDIUMFuseTalk 2.0 - Cross-Site Request Forgery via adduser.cfm
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-1995. PoCs published by Stuart Jamieson.
AI-analyzed exploit summary The exploit describes a vulnerability in FuseTalk's adduser.cfm script where an attacker can craft a malicious URI to execute arbitrary commands in the context of an administrator. The provided URL demonstrates how an attacker could create a new user with elevated privileges by manipulating input parameters.
Description
Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.
Exploits (1)
The exploit describes a vulnerability in FuseTalk's adduser.cfm script where an attacker can craft a malicious URI to execute arbitrary commands in the context of an administrator. The provided URL demonstrates how an attacker could create a new user with elevated privileges by manipulating input parameters.
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N