
There is a CSRF vulnerability that can add the administrator account

Open Rambo-996 opened this issue 6 years ago • 2 comments

After the administrator has logged in, open the following page to add an administrator. PoC:

Rambo-996, Aug 10 '18 10:08

Thank you for pointing the vulnerability. Could you apply a fix?

On 10-Aug-2018, at 3:44 PM, Vict00r [email protected] wrote:

After the administrator has logged in, open the following page to add an administrator. PoC:


anupriya17, Aug 10 '18 10:08

You can add a token in your form or URL to avoid this kind of vulnerability. I think that is the easiest way.

Rambo-996, Aug 10 '18 10:08
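The per-session token check suggested in the comment above, written out as an added example that is not code from this issue or from the CMS itself. It assumes a constructed in-memory session store and a hypothetical `/admin/add` handler; the point it shows is that the session cookie alone cannot distinguish the administrator's own form from a cross-site page, but a token the cross-site page cannot read can.

```python
import hmac
import secrets

# Constructed in-memory state for this example: session id -> session data,
# plus the set of administrator accounts the handler creates.
SESSIONS: dict[str, dict] = {}
ADMINS: set[str] = set()


def login(session_id: str) -> None:
    """Start an authenticated session and mint a random CSRF token for it."""
    SESSIONS[session_id] = {"csrf_token": secrets.token_urlsafe(32)}


def render_add_admin_form(session_id: str) -> str:
    """The legitimate form embeds the session's token as a hidden field.
    A page on another origin cannot read this HTML, so it cannot copy the token."""
    token = SESSIONS[session_id]["csrf_token"]
    return ('<form method="POST" action="/admin/add">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="username"><button>Add</button></form>')


def handle_add_admin(session_id: str, form: dict) -> tuple[int, str]:
    """Hypothetical POST /admin/add handler.

    The browser attaches the session cookie to any request, including one a
    cross-site page triggers, so being logged in proves nothing about where the
    request came from. The submitted token must match the one stored for the
    session before the account is created.
    """
    session = SESSIONS.get(session_id)
    if session is None:
        return 401, "not logged in"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison: a plain == could leak the token through timing.
    if not hmac.compare_digest(session["csrf_token"], submitted):
        return 403, "rejected: missing or invalid CSRF token"
    ADMINS.add(form["username"])
    return 200, f"created admin {form['username']}"
```

A request that carries only the session (what a forged cross-site form produces) gets a 403 and creates nothing; the same request with the token taken from the rendered form succeeds.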