CVE-2013-20005
MEDIUMQool CMS 2.0 RC2 Cross-Site Request Forgery via adduser
Title source: cnaDescription
Qool CMS 2.0 RC2 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious web pages. Attackers can forge POST requests to the /admin/adduser endpoint with parameters like username, password, email, and level to create root-level user accounts without user consent.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by LiquidWorm · textwebappsphp
https://www.exploit-db.com/exploits/24627
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
Vulnerability Advisory
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5134.php
Third Party Advisory third-party-advisory
VulnCheck Advisory: Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser
https://www.vulncheck.com/advisories/qool-cms-rc2-cross-site-request-forgery-via-adduser
Scores
CVSS v3
5.3
EPSS
0.0004
EPSS Percentile
12.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
Qool/Qool CMS
2.0
Published
Mar 16, 2026
Tracked Since
Mar 16, 2026