The vulnerability allows CSRF-based account creation via a POST request to /user/add. The PoC demonstrates that the form submission is accepted without a CSRF token. In the Elefant CMS architecture, form handlers typically reside under apps/[appname]/handlers/ paths. The user/add endpoint would map to the User::add handler, which lacked CSRF protection before v2.0.5. The high confidence comes from the working PoC and from the fact that CSRF vulnerabilities typically stem from missing anti-CSRF protections in form handlers.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| elefant/cms | composer | < 2.0.5 | 2.0.5 |
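
The missing check described above, sketched as an added example in plain PHP: a state-changing handler that rejects a POST unless it carries the per-session token. This is not Elefant CMS code and not the 2.0.5 patch; the function names, the `csrf_token` field and session key, and the sample form fields are hypothetical.

```php
<?php
declare(strict_types=1);
// Added illustration only; the handler name and 'csrf_token' key are assumptions.

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** True only if the submitted token matches the session token. */
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    // Type checks first: hash_equals() requires two strings.
    return is_string($expected) && is_string($given) && $expected !== ''
        && hash_equals($expected, $given); // constant-time comparison
}

/** Hypothetical handler for POST /user/add; returns an HTTP status code. */
function handle_user_add(string $method, array $session, array $post): int
{
    if ($method !== 'POST') {
        return 405;
    }
    if (!csrf_valid($session, $post)) {
        return 403; // a cross-site form post does not know the session's token
    }
    // ... validate the fields and create the account here ...
    return 200;
}

// Constructed demo: one session, then a same-site post, a post with no token,
// and a post with a wrong token.
$session = [];
$token   = csrf_token($session);
$fields  = ['name' => 'alice', 'email' => 'alice@example.test'];

var_dump(handle_user_add('POST', $session, $fields + ['csrf_token' => $token]));
var_dump(handle_user_add('POST', $session, $fields));
var_dump(handle_user_add('POST', $session, $fields + ['csrf_token' => 'wrong']));
```

The form that posts to the handler has to embed the value from `csrf_token()` in a hidden field, so only pages served to the logged-in session can produce an accepted request.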