CVE-2007-5060
Xcms - CSRF
Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by x0kster · html · webapps · php
https://www.exploit-db.com/exploits/30603
References (5)
Scores
EPSS
0.0031
EPSS Percentile
54.1%
Classification
CWE
CWE-352
Status
draft
Affected Products (1)
xcms/xcms
Timeline
Published
Sep 24, 2007
Tracked Since
Feb 18, 2026