wellcms v2.2.0 has a vulnerability, Cross-site request forgery (CSRF) #11

Open
@zhangzhijie98

Description

Version: 2.2.0
Position: Background -> manage users -> create users

Add a new user, and grab the packet.

Use the CSRF PoC, and drop the packet.

Submit the request.

A new user (administrator) is added successfully.
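
A server-side check that rejects the kind of forged "create user" request described in this report, as an added example that is not part of the original issue and not WellCMS code: a per-session, per-action CSRF token in PHP, the language WellCMS is written in. The function names, the `user-create` action label and the 30-minute lifetime are assumptions.

```php
<?php
// Added example, not WellCMS code. All function names here are hypothetical.
declare(strict_types=1);

const CSRF_TTL = 1800; // seconds a token stays valid (assumed value)

// Create the per-session secret once; it never leaves the server.
function csrf_secret(array &$session): string
{
    if (empty($session['csrf_secret'])) {
        $session['csrf_secret'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_secret'];
}

// Token = timestamp + HMAC(secret, action|timestamp), so a token issued for
// one form cannot be replayed against a different action.
function csrf_issue(array &$session, string $action, ?int $now = null): string
{
    $ts = $now ?? time();
    $mac = hash_hmac('sha256', $action . '|' . $ts, csrf_secret($session));
    return $ts . '.' . $mac;
}

// Verify format, age and MAC; the comparison is constant-time.
function csrf_verify(array &$session, string $action, string $token, ?int $now = null): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // missing or malformed token
    }
    $ts = (int) $parts[0];
    $now = $now ?? time();
    if ($ts > $now || $now - $ts > CSRF_TTL) {
        return false; // token from the future or expired
    }
    $expected = hash_hmac('sha256', $action . '|' . $ts, csrf_secret($session));
    return hash_equals($expected, $parts[1]);
}

// Constructed demonstration: $session stands in for $_SESSION. The admin form
// embeds the token; a cross-site page cannot read it, so its POST fails.
$session = [];
$token = csrf_issue($session, 'user-create');
var_dump(csrf_verify($session, 'user-create', $token)); // legitimate form post
var_dump(csrf_verify($session, 'user-create', ''));     // cross-site request without a token
var_dump(csrf_verify($session, 'user-delete', $token)); // token reused on another action
```

In a real handler the verify call runs before any state change on every POST in the admin area, and the session cookie is additionally set with `SameSite=Lax` or `Strict`.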