CVE-2014-9344

Snowfox CMS < 1.0 - Cross-Site Request Forgery via Admin Account Creation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9344. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This is a CSRF exploit for Snowfox CMS v1.0 that allows an attacker to add an admin user by tricking an authenticated admin into submitting a malicious form. The exploit sends a POST request to the admin account creation endpoint with predefined values.

Description

Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a submit action in the admin/accounts/create URI to snowfox/.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · html · webapps · php
https://www.exploit-db.com/exploits/35301

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Snowfox CMS v1.0
Auth required
Prerequisites: Authenticated admin session · Victim interaction (e.g., clicking a link or visiting a malicious page)
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99128
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/114819

Scores

EPSS 0.0234
EPSS Percentile 81.3%

Details

CWE: CWE-352
Status: published
Products (1)
globiz_solutions/snowfox_content_management_system < 1.0
Published: Dec 08, 2014
Tracked Since: Feb 18, 2026