vendor:
CMSsite
by:
Mr Winst0n
N/A
CVSS
MEDIUM
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: CMSsite
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Kali Linux, Windows 8.1
2019
CMSsite 1.0 – Cross-Site Request Forgery (Delete Admin)
This exploit allows an attacker to perform a CSRF attack on the CMSsite 1.0 application. By submitting a form, the attacker can delete an admin user without authentication.
Mitigation:
Implement CSRF tokens in all form submissions to prevent CSRF attacks. Validate user authentication and authorization before performing any sensitive actions.