CVE-2013-7209

JForum - Cross-Site Request Forgery in Admin Module

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-7209. PoCs published by arno.

AI-analyzed exploit summary The provided text describes a CSRF vulnerability in JForum, where an attacker can trick a user into submitting a malicious request to change user group permissions. The example URL demonstrates the attack vector but lacks executable exploit code.

Description

Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action.

Exploits (1)

exploitdb WRITEUP VERIFIED
by arno · textwebappsphp
https://www.exploit-db.com/exploits/38919

The provided text describes a CSRF vulnerability in JForum, where an attacker can trick a user into submitting a malicious request to change user group permissions. The example URL demonstrates the attack vector but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: JForum (version not specified)
No auth needed
Prerequisites: Victim must be authenticated and tricked into clicking a malicious link
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101438
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Dec/206

Scores

EPSS 0.0281
EPSS Percentile 84.8%

Details

CWE
CWE-352
Status published
Products (1)
jforum/jforum
Published Dec 30, 2013
Tracked Since Feb 18, 2026