Cross-Site Request Forgery in Savsoft Quiz Affects Administrator Authentication
CVE-2014-100025

Currently unrated

Key Information:

Vendor: Savsoft Technologies
Status: Savsoft Quiz
Vendor: CVE Published:; 13 January 2015

🔔 Create Savsoft Technologies Vulnerability Alert

What is CVE-2014-100025?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Savsoft Quiz application, specifically within the index.php/user_data/insert_user endpoint. This flaw permits remote attackers to manipulate authenticated sessions, thereby enabling unauthorized actions such as the creation of administrator accounts through maliciously crafted requests. If exploited, this vulnerability poses significant risks to system integrity by allowing attackers to bypass authentication controls and gain administrative privileges.

References

http://www.securityfocus.com/bid/66287

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/125379

x_refsource_MISC

http://secunia.com/advisories/57102

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2015
Vulnerability Reserved
Jan 13, 2015

CVE-2014-100025 Data

JSON