CVE-2014-100025

Name of the Vulnerable Software and Affected Versions Savsoft Quiz (affected versions not specified)

Description A cross-site request forgery (CSRF) issue exists in the index.php/user data/insert user endpoint, allowing remote attackers to hijack administrator authentication for requests that create new administrator accounts via crafted requests. This can be achieved by exploiting the index.php/user data/insert user API endpoint.

Recommendations As a temporary workaround, consider disabling the insert user functionality in the index.php/user data/insert user endpoint until a patch is available. Restrict access to the index.php/user data/insert user endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.