Unrated severityNVD Advisory· Published Jul 3, 2014· Updated May 6, 2026

CVE-2014-4718

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.

Affected products

Lunarcms/Lunar CMS4 versions
cpe:2.3:a:lunarcms:lunar_cms:*:1:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:lunarcms:lunar_cms:*:1:*:*:*:*:*:*range: <=3.3
- cpe:2.3:a:lunarcms:lunar_cms:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:lunarcms:lunar_cms:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:lunarcms:lunar_cms:3.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lunarcms.com/Get.htmlnvdPatch
packetstormsecurity.com/files/127188/Lunar-CMS-3.3-CSRF-Cross-Site-Scripting.htmlnvdExploit
www.exploit-db.com/exploits/33830nvdExploit
osvdb.org/show/osvdb/108350nvd
osvdb.org/show/osvdb/108351nvd
secunia.com/advisories/59411nvd
www.securityfocus.com/bid/68153nvd
www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5188.phpnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000