CVE-2015-4460

c2box < 4.0.0 - Cross-Site Request Forgery in UserManagement.aspx

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-4460. PoCs published by Wissam Bashour.

AI-analyzed exploit summary: This is a working proof-of-concept for a CSRF vulnerability in C2Box that allows an attacker to add an admin user or reset passwords by tricking an authenticated admin into visiting a malicious page.

Description

Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors.

Exploits (1)

exploitdb WORKING POC
by Wissam Bashour · text · webapps · asp
https://www.exploit-db.com/exploits/37447

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: C2Box versions below 4.0.0 (r19171)
Auth required
Prerequisites: Victim must be authenticated as an admin · Victim must visit the malicious page
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37447/
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535861/30/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75569

Scores

EPSS 0.0266
EPSS Percentile 83.8%

Details

CWE: CWE-352
Status published
Products (1)
boxautomation/c2box < 4.0.0
Published Jul 16, 2015
Tracked Since Feb 18, 2026