CVE-2010-0711

ASPCode CMS <2.0.0 Build 103 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0711. PoCs published by Dr. Alberto Fontanella.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in ASPCode CMS v1.5.8, including XSS, CSRF, and SQL injection. It provides specific URLs and payloads to exploit these vulnerabilities.

Description

Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter.

Exploits (1)

exploitdb WORKING POC

by Dr. Alberto Fontanella · textwebappsasp

https://www.exploit-db.com/exploits/12464

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in ASPCode CMS v1.5.8, including XSS, CSRF, and SQL injection. It provides specific URLs and payloads to exploit these vulnerabilities.

Classification

Working Poc 90%

Attack Type

Xss | Csrf | Sqli

Complexity

Trivial

Reliability

Reliable

Target: ASPCode CMS <= v1.5.8

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/62357

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38596

Exploit x_refsource_misc

http://packetstormsecurity.org/1002-exploits/aspcodecms-xssxsrf.txt

Scores

EPSS 0.0095

EPSS Percentile 56.9%

Details

CWE

CWE-352

Status published

Products (2)

aspcodecms/aspcode_cms 1.5.8

aspcodecms/aspcode_cms 2.0.0

Published Feb 25, 2010

Tracked Since Feb 18, 2026