CVE-2015-1424

Gecko CMS 2.2-2.3 - Cross-Site Request Forgery via Admin User Creation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1424. PoCs published by LiquidWorm.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in Gecko CMS 2.3, including CSRF for admin creation, stored and reflected XSS, and SQL injection. It provides specific payloads and parameters for exploitation.

Description

Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · php
https://www.exploit-db.com/exploits/35767

Classification: Working PoC 100%
Attack Type: XSS | SQLi | CSRF
Complexity: Trivial
Reliability: Reliable
Target: Gecko CMS 2.3 and 2.2
Auth required
Prerequisites: Access to admin interface · Valid session for CSRF
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/35767
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99974
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/116966

Scores

EPSS 0.0232
EPSS Percentile 81.2%

Details

CWE: CWE-352
Status: published
Products (2)
jakweb/gecko_cms 2.2
jakweb/gecko_cms 2.3
Published Jan 29, 2015
Tracked Since Feb 18, 2026