CVE-2013-2754

Published: Mar 11, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.

Affected (35)

Products: Umi Cms: Umi.cms

Umi Cms

1 product

Umi.cms

Configuration A

35 vulnerable

Vulnerable Software	Affected Versions
Umi Cms Umi.cms	Up to 2.9
Umi Cms Umi.cms	Version 2.3.3.9
Umi Cms Umi.cms	Version 2.5.0
Umi Cms Umi.cms	Version 2.5.2
Umi Cms Umi.cms	Version 2.5.3
Umi Cms Umi.cms	Version 2.6.1
Umi Cms Umi.cms	Version 2.6.2
Umi Cms Umi.cms	Version 2.6.3
Umi Cms Umi.cms	Version 2.6.4
Umi Cms Umi.cms	Version 2.6.5
Umi Cms Umi.cms	Version 2.6.7
Umi Cms Umi.cms	Version 2.6.8
Umi Cms Umi.cms	Version 2.6
Umi Cms Umi.cms	Version 2.7.0
Umi Cms Umi.cms	Version 2.7.2
Umi Cms Umi.cms	Version 2.7.3
Umi Cms Umi.cms	Version 2.7.4
Umi Cms Umi.cms	Version 2.8.0.5
Umi Cms Umi.cms	Version 2.8.0
Umi Cms Umi.cms	Version 2.8.1.2
Umi Cms Umi.cms	Version 2.8.1.3
Umi Cms Umi.cms	Version 2.8.1
Umi Cms Umi.cms	Version 2.8.2
Umi Cms Umi.cms	Version 2.8.3
Umi Cms Umi.cms	Version 2.8.4.1
Umi Cms Umi.cms	Version 2.8.4.2
Umi Cms Umi.cms	Version 2.8.4.3
Umi Cms Umi.cms	Version 2.8.4.4
Umi Cms Umi.cms	Version 2.8.4
Umi Cms Umi.cms	Version 2.8.5.1
Umi Cms Umi.cms	Version 2.8.5.2
Umi Cms Umi.cms	Version 2.8.5.3
Umi Cms Umi.cms	Version 2.8.5
Umi Cms Umi.cms	Version 2.8.6.1
Umi Cms Umi.cms	Version 2.8.6