mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
764 B
764 B
CVE-2009-1771
Description
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters.
POC
Reference
Github
No PoCs found on GitHub currently.