CVE-2010-2039
Gpeasy Cms < 1.6.2 - CSRF
Title source: ruleDescription
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an Admin_Users action to index.php. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Giuseppe 'giudinvx' D'Inverno · htmlwebappsphp
https://www.exploit-db.com/exploits/12441
References (6)
Scores
EPSS
0.0195
EPSS Percentile
83.5%
Details
CWE
CWE-352
Status
published
Products (5)
gpeasy/gpeasy_cms
1.5 (4 CPE variants)
gpeasy/gpeasy_cms
1.6 (6 CPE variants)
gpeasy/gpeasy_cms
1.6.1
gpeasy/gpeasy_cms
1.6.3
gpeasy/gpeasy_cms
< 1.6.2
Published
May 25, 2010
Tracked Since
Feb 18, 2026