CSRF Vulnerability v1.6 #15
Comments

Thanks, I will add token.

@boiteasite Thank you for your attention to the security problem!

@boiteasite Can I use this security issue to apply for a CVE number?

No problem.

Has this been patched?

Yes, patched. Version 1.6.1. Regards

CVE-2020-15600 has been assigned for this issue.
Affected software: Cmsuno CMS
Type of vulnerability: CSRF (Cross-Site Request Forgery)
Discovered by: Noth
Author: Noth
Version: v.1.6
Description: Cmsuno CMS is vulnerable to persistent Cross-Site Request Forgery attacks, which allow malicious users to inject HTML or scripts and forge user permissions to operate.
Vulnerable URL:
http://127.0.0.1/cmsuno-master/uno.php
Step 1: Go to uno.php
Step 2: Use Burp Suite to intercept packets
Step 3: Generate PoC

Test video:
https://drive.google.com/file/d/1ueOxpMRr632gxjDyn-7t8nWlm13iQXgH/view?usp=sharing
There is no CSRF token, so one can log in to the system.
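
The fix the maintainer mentions in the comments ("I will add token") corresponds to the synchronizer-token pattern. The PHP below is an added example of that check, not CMSUno's actual patch and not code from this issue; the function names `csrf_token` and `csrf_check`, the `csrf_token` field name and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example: synchronizer-token CSRF check (hypothetical names, not CMSUno code).

// Return the session's CSRF token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit CSPRNG value
    }
    return $session['csrf_token'];
}

// True only for a POST whose 'csrf_token' field matches the session's token.
function csrf_check(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false; // state-changing actions must not be reachable via GET
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Reject array-typed fields (csrf_token[]=x) and empty values before comparing.
    if (!is_string($supplied) || $expected === '' || $supplied === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed requests standing in for $_SESSION, REQUEST_METHOD and $_POST.
$session = [];
$token = csrf_token($session);
$cases = [
    'same-site form with token'  => ['POST', ['action' => 'save', 'csrf_token' => $token]],
    'forged form without token'  => ['POST', ['action' => 'save']],
    'forged form, guessed token' => ['POST', ['action' => 'save', 'csrf_token' => str_repeat('0', 64)]],
    'array-typed token field'    => ['POST', ['action' => 'save', 'csrf_token' => ['x']]],
    'GET carrying the token'     => ['GET',  ['action' => 'save', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    $ok = csrf_check($session, $method, $post);
    printf("%-28s %s\n", $label, $ok ? 'accepted' : 'rejected (403)');
}
```

In a real handler the token from `csrf_token($_SESSION)` is emitted as a hidden form field, and the check runs before any state-changing action; only the first constructed case above is accepted.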