Closed: zxc7528064 closed this issue 4 years ago
Thanks, I will add token. Regards
@boiteasite Thank you for your attention to this security problem!
@boiteasite Can I use this security issue to apply for a CVE number?
No problem.
Has this been patched?
Yes, patched. Version 1.6.1.
Regards
CVE-2020-15600 has been assigned for this issue.
Affected software: Cmsuno CMS
Type of vulnerability: CSRF (Cross-Site Request Forgery)
Discovered by: Noth
Author: Noth
Version: v.1.6
Description: Cmsuno CMS is vulnerable to persistent Cross-Site Request Forgery attacks, which allow malicious users to inject HTML or scripts and to forge requests that are carried out with the victim user's permissions.
Vulnerable URL: http://127.0.0.1/cmsuno-master/uno.php
Step 1: go to uno.php
Step 2: use Burp Suite to intercept the request
Step 3: generate the PoC
Test Video : https://drive.google.com/file/d/1ueOxpMRr632gxjDyn-7t8nWlm13iQXgH/view?usp=sharing
There is no CSRF token, so a forged request can log in to the system.
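The fix discussed in this thread is to add a CSRF token. As an added example (not Cmsuno's own code, and not the patch shipped in 1.6.1), the block below shows a synchronizer-token guard for a PHP login handler like uno.php: a per-session random token is embedded in every state-changing form and checked on each POST with a constant-time comparison, and the session cookie is marked SameSite as a second layer. All function names are assumptions.

```php
<?php
// Added example, not Cmsuno's code: synchronizer-token CSRF protection
// for a PHP form handler. Function names are assumptions for illustration.
declare(strict_types=1);

// Defence in depth: a SameSite=Lax session cookie is not sent on cross-site
// POSTs at all, so most forged requests never reach the token check.
// (PHP 7.3+ accepts the array form of session_set_cookie_params.)
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Return the session's CSRF token, generating it on first use.
// One token per session keeps multi-tab use working.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to place inside every state-changing form, the login form included.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Validate the submitted token against the session copy. hash_equals()
// compares in constant time; a missing token or a mismatch both fail.
function csrf_check(array $post): bool
{
    $sent     = $post['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Handler sketch: reject a forged cross-site POST before any login logic runs.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // ... the existing login handling continues here ...
}
```

The token must be regenerated only when the session is (e.g. on logout or privilege change), and the check must cover every request that changes state, not just the login form, since a single unprotected endpoint is enough for the attack described above.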