WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages)

Posted on martedì 28 febbraio 2012 by Ivano Binetti

Today I've discovered a new CSRF vulnerability which affects WebfolioCMS 1.1.4 (and lower) and which allows to modify any parameter. In my Advisory I've demonstrated how to add a new administrator account and how to modify a published web page.

Download my Original Advisory

Some other pubblication related to this vulnerability:

0 Responses to "WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages)":