Hi, I would like to report a CSRF vulnerability in CatfishCMS V 4.8.63.
There is a CSRF vulnerability that can be used to obtain administrator permissions.
POC:
1. Log in to the administrator panel.
2. Open the URL below in a browser that supports Flash.
url: http://www.catfish.com/index.php/admin/Index/manageuser.html
e.g.:
1. Before modification
2. CSRF POC: csrf.txt
3. After modification
Fix: add token validation to sensitive operations.
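The fix sentence above is the whole mitigation, so here is what "token validation on sensitive operations" looks like in practice. This is an added illustration written for this report, not CatfishCMS code (CatfishCMS is PHP; the logic is the same in any language). It models a "manage user" handler that, like the one the report describes, trusts the session cookie alone, beside the same handler guarded by a per-session CSRF token. The user table, the form fields (`user`, `role`, `_token`), and the `Session` class are constructed for the example; the page does not show which parameters of manageuser.html the attached csrf.txt targets.

```python
"""Per-session CSRF token check for a state-changing admin action.

Constructed illustration: a tiny in-memory model of an admin "manage user"
handler, first without a token check (the condition the report describes)
and then with one. Names (Session, manage_user_*) are hypothetical and
nothing here is CatfishCMS code.
"""
import hmac
import secrets


class Session:
    """Minimal server-side session, looked up from the browser's cookie."""

    def __init__(self, username, is_admin):
        self.username = username
        self.is_admin = is_admin
        self.csrf_token = None


def issue_csrf_token(session):
    """Return the session's CSRF token, minting one on first use.

    The token is rendered into the admin form as a hidden field. A page on
    another origin cannot read it (same-origin policy), so a forged form
    post from that page cannot carry it, even though the browser still
    attaches the admin's session cookie.
    """
    if session.csrf_token is None:
        session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token


def csrf_token_valid(session, submitted):
    """Constant-time comparison; a missing token is a failure, never a pass."""
    if session.csrf_token is None or not isinstance(submitted, str) or not submitted:
        return False
    # Compare as bytes so non-ASCII input cannot raise instead of failing.
    return hmac.compare_digest(session.csrf_token.encode(), submitted.encode())


def manage_user_unprotected(session, form, users):
    """Handler that relies on the session cookie alone: vulnerable to CSRF."""
    if not session.is_admin:
        return 403, "admin only"
    users[form["user"]] = form["role"]
    return 200, "updated"


def manage_user_protected(session, form, users):
    """Same handler with the token check the report's fix calls for."""
    if not session.is_admin:
        return 403, "admin only"
    if not csrf_token_valid(session, form.get("_token")):
        return 403, "csrf token missing or invalid"
    users[form["user"]] = form["role"]
    return 200, "updated"


def simulate_cross_site_post(handler):
    """Model the report's scenario: a logged-in admin's browser submits a
    forged form from another site. The cookie goes along; the token does not.
    Returns (HTTP status, resulting role of the targeted user)."""
    users = {"admin": "administrator", "alice": "subscriber"}  # constructed
    admin_session = Session("admin", is_admin=True)
    issue_csrf_token(admin_session)  # admin had loaded the real form earlier
    forged_form = {"user": "alice", "role": "administrator"}  # no _token field
    status, _ = handler(admin_session, forged_form, users)
    return status, users["alice"]


def simulate_legitimate_post():
    """The admin submits the genuine form, which carries the hidden token."""
    users = {"admin": "administrator", "alice": "subscriber"}  # constructed
    admin_session = Session("admin", is_admin=True)
    form = {"user": "alice", "role": "editor", "_token": issue_csrf_token(admin_session)}
    status, _ = manage_user_protected(admin_session, form, users)
    return status, users["alice"]


if __name__ == "__main__":
    print("unprotected handler, forged post:", simulate_cross_site_post(manage_user_unprotected))
    print("protected handler, forged post:  ", simulate_cross_site_post(manage_user_protected))
    print("protected handler, genuine post: ", simulate_legitimate_post())
```

The token must be tied to the session (or derived from it with a keyed hash) and checked on every state-changing request, not only on the form that renders the page; checking it on GET-triggered actions is pointless, since those should not change state at all. `SameSite=Lax` on the session cookie is a useful second layer, but it is not a substitute for the token check, because older browsers and some cross-site navigations still send the cookie.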