boiteasite / cmsuno

An easy and clever tool to create one-page responsive websites

CSRF Vulnerability v1.6 #15

Closed zxc7528064 closed 4 years ago

zxc7528064 commented 4 years ago

Affected software: Cmsuno CMS

Type of vulnerability: CSRF (Cross-Site Request Forgery)

Discovered by: Noth

Author: Noth

Version: v1.6

Description: Cmsuno CMS is vulnerable to persistent Cross-Site Request Forgery attacks, which allow malicious users to inject HTML or scripts and forge user permissions to operate.

Vulnerable URL: http://127.0.0.1/cmsuno-master/uno.php

Step 1: go to uno.php

Step 2: use Burp Suite to intercept packets

Step 3: generate PoC (screenshot 2020-05-31_053816)

Test Video : https://drive.google.com/file/d/1ueOxpMRr632gxjDyn-7t8nWlm13iQXgH/view?usp=sharing

No CSRF token, so one can log in to the system.
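For readers following the thread: the report boils down to uno.php accepting a state-changing POST (here, the login) on the strength of the session cookie alone, with nothing in the request that an attacker's page could not also supply. The block below is an added example, not cmsuno's code and not the fix the maintainer shipped in 1.6.1; it shows the synchronizer-token pattern a PHP handler would use to close that gap. The field names (`csrf_token`, `login`, `password`) and the `uno.php` action target are assumptions for illustration.

```php
<?php
// Added example (not cmsuno's code). Synchronizer-token check for a
// state-changing POST handler such as a login form. Field names and the
// action target are assumptions.

// Defence in depth: a SameSite=Lax session cookie is not sent on cross-site
// POSTs at all, so a forged <form> submission arrives unauthenticated.
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// Issue one unpredictable token per session; the attacker's page cannot read
// it, so it cannot be placed into a cross-origin form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the check does not leak the token byte by byte.
// An empty or missing session token must fail closed, never match "".
function csrf_check($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== ''
        && is_string($submitted)
        && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The vulnerable shape is simply the absence of this block: the handler
    // acts on any POST carrying a valid cookie, which a hidden, auto-submitted
    // form on an attacker-controlled page can produce.
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }

    // ... authenticate $_POST['login'] / $_POST['password'] here ...

    // After a successful login, rotate both the session id (session fixation)
    // and the token, so a token captured before authentication is worthless.
    session_regenerate_id(true);
    unset($_SESSION['csrf_token']);
}
?>
<form method="post" action="uno.php">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input name="login" autocomplete="username">
  <input type="password" name="password" autocomplete="current-password">
  <button type="submit">Login</button>
</form>
```

Two checks worth running against a real deployment: replay the intercepted login POST from a different origin with the `csrf_token` field stripped or altered and confirm a 403, and confirm the `Set-Cookie` header for the session actually carries `SameSite=Lax`, since the cookie attribute only helps if it is set before `session_start()`.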

boiteasite commented 4 years ago

Thanks, I will add token. Regards

zxc7528064 commented 4 years ago

@boiteasite Thank you for your attention to the security problem!

zxc7528064 commented 4 years ago

@boiteasite Can I use this security issue to apply for a CVE number?

boiteasite commented 4 years ago

No problem.

karneaud commented 4 years ago

has this been patched?

boiteasite commented 4 years ago

Yes, patched. Version 1.6.1.

Regards

fgeek commented 3 years ago

CVE-2020-15600 has been assigned for this issue.