CVE-2015-1374

ferretCMS 1.0.4-alpha - Cross-Site Request Forgery in admin.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1374. PoCs published by Steffen Rösemann.

AI-analyzed exploit summary: This advisory details multiple vulnerabilities in ferretCMS v1.0.4-alpha, including stored/reflected XSS, SQL injection, and arbitrary file upload. The writeup provides technical details and proof-of-concept URLs for exploitation.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Steffen Rösemann · text · webapps · php
https://www.exploit-db.com/exploits/35914

Classification: Writeup 100%
Attack Type: XSS | SQLi | Other
Complexity: Trivial
Reliability: Reliable
Target: ferretCMS v1.0.4-alpha
No auth needed
Prerequisites: Access to the administrative backend or login form
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Issue Tracking x_refsource_misc
https://github.com/JRogaishio/ferretCMS/issues/63
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/23/3

Scores

EPSS 0.0095
EPSS Percentile 56.7%

Details

CWE: CWE-352
Status: published
Products (1): ferretcms_project/ferretcms 1.0.4 alpha
Published: Jan 27, 2015
Tracked Since: Feb 18, 2026