Hi, I would like to report a CSRF vulnerability in JuQingCMS V1.0.

There is a CSRF vulnerability that can be added to modify administrator accounts.
POC:
1. Log in to the administrator panel.
2. Open the URL below in a browser which supports Flash.
url: http://localhost/admin/index.php?c=administrator&a=add
http://localhost/admin/index.php?c=administrator&a=edit
eg:
1. Before modification
2. CSRF POC
csrf1.txt
3. After modification
fix:
Sensitive operations require validation codes, and changing passwords requires validation of old passwords.
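
One way to implement the fix described above, as an added example that is not part of the original report and is not JuQingCMS code. It reads "validation codes" as a per-session anti-CSRF token (an assumption); the function names and the `csrf_token` and `old_password` field names are hypothetical.

```php
<?php
// Added example: all names here are hypothetical, not taken from JuQingCMS.
declare(strict_types=1);

// Issue one random token per session; every admin form embeds it as a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request (administrator add/edit) only when it is a
// POST that carries the token stored in the caller's session.
function csrf_check(array $session, string $method, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return $method === 'POST'
        && is_string($supplied)
        && $expected !== ''
        && hash_equals($expected, $supplied); // constant-time comparison
}

// A password change additionally requires the current password, checked
// against the stored hash, before the new one is accepted.
function may_change_password(array $session, string $method, array $post, string $storedHash): bool
{
    $old = $post['old_password'] ?? null;
    return csrf_check($session, $method, $post)
        && is_string($old)
        && password_verify($old, $storedHash);
}

// Constructed sample data for a stand-alone run.
$session = [];
$token   = csrf_token($session);
$hash    = password_hash('old-secret', PASSWORD_DEFAULT);

// Cross-site request: another origin cannot read the session token, so none is sent.
var_dump(csrf_check($session, 'POST', ['username' => 'new-admin']));
// Same parameters sent as a GET link are rejected even with a token.
var_dump(csrf_check($session, 'GET', ['csrf_token' => $token]));
// Genuine form submission from the admin panel.
var_dump(csrf_check($session, 'POST', ['username' => 'new-admin', 'csrf_token' => $token]));
// Password change with a valid token but the wrong old password.
var_dump(may_change_password($session, 'POST', ['csrf_token' => $token, 'old_password' => 'guess'], $hash));
```

In a real handler the `$session`, `$method` and `$post` arguments would come from `$_SESSION`, `$_SERVER['REQUEST_METHOD']` and `$_POST`.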