CVE-2014-5100

Omeka < 2.2 - CSRF

Title source: rule
STIX 2.1

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.

Exploits (1)

exploitdb WORKING POC VERIFIED
by LiquidWorm · textwebappsphp
https://www.exploit-db.com/exploits/34100

References (9)

Core 9
Core References
Vendor Advisory x_refsource_confirm
http://omeka.org/codex/Release_Notes_for_2.2.1
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/94689
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/94690
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/68707
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/34100

Scores

EPSS 0.0161
EPSS Percentile 81.8%

Details

CWE
CWE-352
Status published
Products (1)
omeka/omeka < 2.2
Published Jul 25, 2014
Tracked Since Feb 18, 2026