Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
CSRF Privilege Escalation (Manipulation of Role Agent to Admin) Vulnerability on Faveo version Community 1.9.3 #446
Faveo have roles:
user id = 11 (role is agent)
We have low privilege as “agent” to access application, and then want to change be admin role.
--> I attach our screenshot and script CSRF: