Unrated severityNVD Advisory· Published Nov 17, 2014· Updated May 6, 2026

CVE-2014-8953

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators or requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php.

Affected products

Phpscriptlerim/PHP Scriptlerim Who\'s Who
cpe:2.3:a:phpscriptlerim:php_scriptlerim_who\'s_who:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/129102/Whos-Who-Script-Cross-Site-Request-Forgery.htmlnvdExploit
www.exploit-db.com/exploits/35129nvdExploit
exchange.xforce.ibmcloud.com/vulnerabilities/98631nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000