CVE-2013-20005

EIP tracks 1 public exploit for CVE-2013-20005. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Qool CMS v2.0 RC2, allowing an attacker to create a root-level user via a crafted HTML form. It also includes multiple XSS injection examples targeting various admin endpoints.

Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password, email, and level to create root-level user accounts without user consent.