Vulnerability Details CVE-2017-9673
In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.8
Products affected by CVE-2017-9673
-
cpe:2.3:a:simplece:simplece:2.3.0