Time And Expense Management System 3.0 Cross Site Request Forgery

Exploit Title: Time and Expense Management System 3.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-10-17 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.initechs.com/ Software Link: http://sourceforge.net/projects/tems/files/latest Version: 3.0 Category: Webapps Tested on:...

CVE-2018-16339

CVE-2018-16339 affects EmpireCMS 7.0 and is described as a Cross‑Site Request Forgery vulnerability that can add administrators via the endpoint upload/e/admin/user/AddUser.php?enews=AddUser. The connected documents confirm the affected product and the vulnerable action, but do not provide remedi...