CVE-2013-4881

BigTree CMS < 4.0 - Cross-Site Request Forgery via User Creation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4881.

AI-analyzed exploit summary: The provided exploit code includes functional PoC examples for SQL injection, CSRF, and XSS vulnerabilities in BigTree CMS 4.0 RC2. The SQLi PoC demonstrates arbitrary SQL command execution, while the CSRF exploit creates an admin user, and the XSS example executes arbitrary JavaScript.

Description

Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for requests that create an administrative user via an add user action to index.php.

Exploits (1)

Source: exploitdb (working PoC), category: webapps / php
https://www.exploit-db.com/exploits/27431


Classification: Working PoC (90%)
Attack Type: SQLi | XSS | CSRF
Complexity: Trivial
Reliability: Reliable
Target: BigTree CMS 4.0 RC2
Authentication: No auth needed
Prerequisites: Access to the target application
Analyzed by devstral-2 on Feb 19, 2026

References (5)

Core References
Vendor Advisory (HTBridge): https://www.htbridge.com/advisory/HTB23165
Third Party Advisory, VDB Entry (OSVDB): http://osvdb.org/96009
Third Party Advisory, VDB Entry (IBM X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/86286
Third Party Advisory, mailing list (Bugtraq): http://archives.neohapsis.com/archives/bugtraq/2013-08/0039.html

Scores

EPSS: 0.0220
EPSS Percentile: 80.1%

Details

CWE: CWE-352
Status: published
Products (2):
bigtreecms/bigtree_cms 4.0 b1 (8 CPE variants)
bigtreecms/bigtree_cms < 4.0
Published: Aug 19, 2013
Tracked Since: Feb 18, 2026