WebfolioCMS <= 1.1.4 CSRF (Add Admin/Modify Pages)

Posted on Tuesday, 28 February 2012 by Ivano Binetti

Today I discovered a new CSRF vulnerability that affects WebfolioCMS 1.1.4 (and lower) and allows any parameter to be modified. In my advisory I've demonstrated how to add a new administrator account and how to modify a published web page.

Download my Original Advisory

Some other publications related to this vulnerability:
http://packetstormsecurity.org/files/110294/WebfolioCMS-1.1.4-Cross-Site-Request-Forgery.html
http://www.exploit-db.com/exploits/18536/
