Description
Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page.
Exploits (1)
exploitdb
WORKING POC
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/35381
References (2)
Core References
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23240
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534096/100/0/threaded
Scores
EPSS
0.0056
EPSS Percentile
68.3%
Details
CWE
CWE-352
Status
published
Products (3)
xavoc/xepan_cms
1.0.4
xavoc/xepan_cms
1.0.4.1
xavoc/xepan_cms
< 1.0.1
Published
Nov 28, 2014
Tracked Since
Feb 18, 2026