CVE-2010-3891

IBM OmniFind Enterprise Edition < 9.1 - Cross-Site Request Forgery in Administrator Interface

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3891. PoCs published by Fatih Kilic.

AI-analyzed exploit summary This is a functional CSRF exploit for CVE-2010-3891, demonstrating how an attacker can add an admin user to IBM OmniFind Enterprise Edition via a malicious form submission. The exploit leverages the lack of CSRF protection in the administrator interface.

Description

Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action.

Exploits (1)

exploitdb WORKING POC

by Fatih Kilic · htmlwebappsmultiple

https://www.exploit-db.com/exploits/15473

View Code ZIP pw:eip

This is a functional CSRF exploit for CVE-2010-3891, demonstrating how an attacker can add an admin user to IBM OmniFind Enterprise Edition via a malicious form submission. The exploit leverages the lack of CSRF protection in the administrator interface.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: IBM OmniFind Enterprise Edition

No auth needed

Prerequisites: Victim must be authenticated as an admin in the target application · Victim must visit the malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/69083

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/15473

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/514688/100/0/threaded

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/44740

Exploit x_refsource_misc

http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2933

Scores

EPSS 0.0114

EPSS Percentile 62.4%

Details

CWE

CWE-352

Status published

Products (4)

ibm/omnifind 8.0

ibm/omnifind 8.4

ibm/omnifind 8.5

ibm/omnifind < 9.0

Published Nov 12, 2010

Tracked Since Feb 18, 2026