CVE-2015-4460
c2box < 4.0.0 - Cross-Site Request Forgery in UserManagement.aspx
Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-4460. PoCs published by Wissam Bashour.
AI-analyzed exploit summary: This is a working proof-of-concept for a CSRF vulnerability in C2Box that allows an attacker to add an admin user or reset passwords by tricking an authenticated admin into visiting a malicious page.
Description
Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors.
Exploits (1)
This is a working proof-of-concept for a CSRF vulnerability in C2Box that allows an attacker to add an admin user or reset passwords by tricking an authenticated admin into visiting a malicious page.