Unrated severityNVD Advisory· Published May 25, 2010· Updated Jun 16, 2026
CVE-2010-2039
CVE-2010-2039
Description
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an Admin_Users action to index.php. NOTE: some of these details are obtained from third party information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:gpeasy:gpeasy_cms:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:gpeasy:gpeasy_cms:*:*:*:*:*:*:*:*range: <=1.6.2
- cpe:2.3:a:gpeasy:gpeasy_cms:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc3:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc4:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc3:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc4:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc5:*:*:*:*:*:*
- (no CPE)range: <=1.6.2
Patches
Vulnerability mechanics
References
6- packetstormsecurity.org/1004-exploits/gpeasy-xsrf.txtnvdExploit
- www.exploit-db.com/exploits/12441nvdExploit
- secunia.com/advisories/39643nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1030nvdVendor Advisory
- www.osvdb.org/64130nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/58214nvd
News mentions
0No linked articles in our index yet.