Unrated severityNVD Advisory· Published May 25, 2010· Updated Apr 29, 2026
CVE-2010-2039
CVE-2010-2039
Description
Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an Admin_Users action to index.php. NOTE: some of these details are obtained from third party information.
Affected products
13cpe:2.3:a:gpeasy:gpeasy_cms:*:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:gpeasy:gpeasy_cms:*:*:*:*:*:*:*:*range: <=1.6.2
- cpe:2.3:a:gpeasy:gpeasy_cms:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc3:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc4:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc3:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc4:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc5:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- packetstormsecurity.org/1004-exploits/gpeasy-xsrf.txtnvdExploit
- www.exploit-db.com/exploits/12441nvdExploit
- secunia.com/advisories/39643nvdVendor Advisory
- www.vupen.com/english/advisories/2010/1030nvdVendor Advisory
- www.osvdb.org/64130nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/58214nvd
News mentions
0No linked articles in our index yet.