CVE-2015-3624

ektron Content Management System < 9.1 - Cross-Site Request Forgery via Menu Actions Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3624. PoCs published by Jerold Hoong.

AI-analyzed exploit summary This is a proof-of-concept for a CSRF vulnerability in Ektron CMS 9.10 SP1 before build 9.1.0.184.1.120. It demonstrates how an attacker can trick an authenticated content administrator into submitting a request that deletes content and assets.

Description

Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.

Exploits (1)

exploitdb WORKING POC

by Jerold Hoong · textwebappsphp

https://www.exploit-db.com/exploits/37296

View Code ZIP pw:eip

This is a proof-of-concept for a CSRF vulnerability in Ektron CMS 9.10 SP1 before build 9.1.0.184.1.120. It demonstrates how an attacker can trick an authenticated content administrator into submitting a request that deletes content and assets.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Ektron Content Management System <= 9.10 SP1 (Build 9.1.0.184.1.114)

Auth required

Prerequisites: Authenticated session of a content administrator · Victim must be tricked into submitting the form

MITRE ATT&CK

T1556.002 - Password Filter DLL

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/74937

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/37296/

Exploit x_refsource_misc

http://v00d00sec.com/2015/05/31/cve-2015-3624-csrf-and-xss-vulnerabilities-in-ektron-cms-9-10-sp1/

Exploit x_refsource_misc

http://packetstormsecurity.com/files/132104/Ektron-CMS-9.10-SP1-Cross-Site-Request-Forgery.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/535646/100/0/threaded

Scores

EPSS 0.0230

EPSS Percentile 81.1%

Details

CWE

CWE-352

Status published

Products (1)

ektron/ektron_content_management_system < 9.1

Published Jun 09, 2015

Tracked Since Feb 18, 2026