216.73.217.176

CVE-2016-20053

· Published 04/04/2026 14:16 · Modified 04/04/2026 14:16

Labels: CVE-2016-20053 2026-04-04CVE-2016-20053CWE-352[email protected]

Essential information

Published
04/04/2026 14:16
Modified
04/04/2026 14:16
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields containing admin credentials and account parameters to add new administrator accounts without user consent.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
redaxo / redaxo cms cpe:2.3:a:redaxo:redaxo_cms:5.2:*:*:*:*:*:*:*

References