Cross-Site Request Forgery in 74CMS by 74CMS Team
CVE-2019-11374
Key Information:
Badges
What is CVE-2019-11374?
74CMS v5.0.1 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability, which allows attackers to create new admin accounts without proper authorization through a specific request to the index.php endpoint. This flaw exposes administrators to the risk of unauthorized access and potential system compromise, highlighting the necessity for immediate patches and security measures to protect against unauthorized administrative actions.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
EPSS Score
9% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
