vendor:
Matrimony Script
by:
bi0
8.8
CVSS
HIGH
Cross-Site Request Forgery (CSRF)
352
CWE
Product Name: Matrimony Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Matrimony Script CSRF Vulnerability
This exploit allows an attacker to create a new admin staff on the server by sending a maliciously crafted request. The request contains the name, username, password, email, and status of the new admin staff. The status is set to 'Active' by default.
Mitigation:
Implementing CSRF protection mechanisms such as tokens, same-site cookies, and CAPTCHAs can help mitigate the risk of CSRF attacks.