Description
Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Dr.NaNo · textwebappsphp
https://www.exploit-db.com/exploits/18720
References (3)
Core 3
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18720
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80986
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74760
Scores
EPSS
0.0020
EPSS Percentile
41.8%
Details
CWE
CWE-352
Status
published
Products (1)
utopiasoftware/news_pro
< 1.4.0
Published
Aug 14, 2012
Tracked Since
Feb 18, 2026