Description
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Steffen Rösemann · text · webapps · php
https://www.exploit-db.com/exploits/35914
References (2)
Core References
Issue Tracking x_refsource_misc
https://github.com/JRogaishio/ferretCMS/issues/63
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/23/3
Scores
EPSS
0.0164
EPSS Percentile
82.1%
Details
CWE
CWE-352
Status
published
Products (1)
ferretcms_project/ferretcms
1.0.4 alpha
Published
Jan 27, 2015
Tracked Since
Feb 18, 2026