CVE-2015-2680

Published March 23rd, 2015

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.

GeniXCMS/GeniXCMS

Simple and Lightweight CMS Framework

GitHub