vendor:
PHP Link Directory
by:
AtT4CKxT3rR0r1ST
8.8
CVSS
HIGH
CSRF
352
CWE
Product Name: PHP Link Directory
Affected Version From: 4.1.2000
Affected Version To: 4.1.2000
Patch Exists: NO
Related CWE: N/A
CPE: a:phplinkdirectory:phplinkdirectory:4.1.0
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
PHP Link Directory v4.1.0 CSRF Vulnerability (Add Admin)
PHP Link Directory v4.1.0 is vulnerable to CSRF which allows an attacker to add an admin user to the application. The attacker can craft a malicious HTML page containing a form with hidden fields that when visited by an authenticated user, will submit the form and add an admin user to the application.
Mitigation:
The application should implement a CSRF token to verify the authenticity of the request.