CVE-2010-3891

IBM Omnifind < 9.0 - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action.

Exploits (1)

exploitdb WORKING POC

by Fatih Kilic · htmlwebappsmultiple

https://www.exploit-db.com/exploits/15473

View Code ZIP pw:eip

References (6)

[Exploit] http://security.fatihkilic.de/advisory/fkilic-sa-2010-ibm-omnifind.txt

[Exploit] http://www.exploit-db.com/exploits/15473

[Third Party Advisory, VDB Entry] http://www.osvdb.org/69083

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/514688/100/0/threaded

[Exploit] http://www.securityfocus.com/bid/44740

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/2933

Scores

EPSS 0.0329

EPSS Percentile 87.2%

Details

CWE

CWE-352

Status published

Products (4)

ibm/omnifind 8.0

ibm/omnifind 8.4

ibm/omnifind 8.5

ibm/omnifind < 9.0

Published Nov 12, 2010

Tracked Since Feb 18, 2026