CVE-2016-20053

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.3 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N                                    

Vulnerability Description

Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields containing admin credentials and account parameters to add new administrator accounts without user consent.

Vulnerability Details

Published Date

April 04, 2026

Last Modified

April 07, 2026

CWE ID

CWE-352

Source

NVD

Vendor

Redaxo

Product

Redaxo CMS

External References

https://www.exploit-db.com/exploits/40708
https://www.vulncheck.com/advisories/redaxo-cms-cross-site-request-forgery-via-users-endpoint

CVE-2016-20053

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment