CVE-2019-11375

MEDIUM

Msvod v10 - Cross-Site Request Forgery via admin/member/edit.html

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-11375. PoCs published by ax8.

AI-analyzed exploit summary This is a CSRF (Cross-Site Request Forgery) proof-of-concept exploit targeting Msvod v10. It demonstrates how an attacker can change user information, including credentials and account status, by tricking an authenticated admin into submitting a malicious form.

Description

Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.

Exploits (1)

exploitdb WORKING POC
by ax8 · htmlwebappsphp
https://www.exploit-db.com/exploits/46739

This is a CSRF (Cross-Site Request Forgery) proof-of-concept exploit targeting Msvod v10. It demonstrates how an attacker can change user information, including credentials and account status, by tricking an authenticated admin into submitting a malicious form.

Classification
Working Poc 100%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Msvod v10
Auth required
Prerequisites: Victim must be authenticated as an admin · Victim must visit the malicious HTML page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
http://www.iwantacve.cn/index.php/archives/198/
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46739/
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/152604/Msvod-10-Cross-Site-Request-Forgery.html

Scores

CVSS v3 6.5
EPSS 0.0027
EPSS Percentile 51.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
meisivod/msvod 10
Published Apr 20, 2019
Tracked Since Feb 18, 2026