vendor:
Ez News Manager / Ez News Manager Pro
by:
Milos Zivanovic
3.3
CVSS
MEDIUM
XSRF Change Admin Password
352
CWE
Product Name: Ez News Manager / Ez News Manager Pro
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2009
Ez News Manager / Pro – XSRF Change Admin Password
Ez News Manager and Ez News Manager Pro scripts lack of cross site request forgery protection, allowing us to make exploit to change admin password. This exploit works with both scripts.
Mitigation:
Implement Cross-Site Request Forgery (CSRF) protection.