vendor:
SocialCMS
by:
Ivano Binetti
5.5
CVSS
MEDIUM
CSRF
352
CWE
Product Name: SocialCMS
Affected Version From: 1.0.2
Affected Version To: 1.0.2
Patch Exists: NO
Related CWE:
CPE: a:socialcms:socialcms:1.0.2
Platforms Tested: Debian Squeeze (6.0)
2012
Socialcms CSRF Vulnerability
This exploit allows an attacker to add an admin account using CSRF vulnerability in SocialCMS. By submitting a crafted form, the attacker can create a new admin account without proper authentication.
Mitigation:
To mitigate this vulnerability, it is recommended to implement proper CSRF protection mechanisms, such as using anti-CSRF tokens, to validate and authenticate user requests.