CVE-2014-3866

Usercake < 2.0.2 - CSRF

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Dolev Farhi · html · webapps · php
https://www.exploit-db.com/exploits/39198

Scores

EPSS 0.0021
EPSS Percentile 43.6%

Details

CWE CWE-352
Status published
Products (2)
usercake/usercake 2.0.1
usercake/usercake < 2.0.2
Published May 26, 2014
Tracked Since Feb 18, 2026