mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-13 02:26:08 +00:00
764 B
764 B
CVE-2009-1771
Description
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.
POC
Reference
Github
No PoCs found on GitHub currently.