VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 11, 2014· Updated May 6, 2026

CVE-2013-2754

CVE-2013-2754

Description

Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.

Affected products

35
  • Umi Cms/Umi.CMS35 versions
    cpe:2.3:a:umi-cms:umi.cms:*:*:*:*:*:*:*:*+ 34 more
    • cpe:2.3:a:umi-cms:umi.cms:*:*:*:*:*:*:*:*range: <=2.9
    • cpe:2.3:a:umi-cms:umi.cms:2.3.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:umi-cms:umi.cms:2.8.6.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.