CVE-2022-41500: EyouCMS v1.5.9 has a vulnerability, Cross-site request forgery (CSRF) · Issue #27 · weng-xianhu/eyoucms
EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.
A security vulnerability exists in EyouCMS V1.5.9 in the backend, Members Center, Editing Membership, and Points Top-up.
- Enter the background -> member center -> edit member -> points recharge, as shown in the figure:
Grab the recharge request package and construct it, as shown below:
Open and enter the background page in the browser to view the user test01 points:
- Click on the constructed web page:
The figure above shows the page that automatically jumps after successful execution to check whether the points have increased:
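
The report above shows the points recharge request being accepted when it is sent from a constructed page. The following is an added example, not EyouCMS code or the project's fix, of one common way to reject such cross-site requests in PHP: a session-bound token checked in constant time, plus an Origin check. All function names, field names and origins are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; none of these names come from EyouCMS.

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Decide whether a state-changing backend request may proceed. */
function is_request_allowed(array $session, array $server, array $post, string $expectedOrigin): bool
{
    // 1. State changes such as a points top-up must not be accepted over GET.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    // 2. If the browser sent an Origin header, it must match the site's own origin.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $expectedOrigin) {
        return false;
    }
    // 3. The form must echo the session-bound token; compare in constant time.
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed demo: an administrator session and two simulated requests.
$session = [];
$token   = csrf_token($session);          // embedded in the recharge form as a hidden field
$site    = 'https://cms.example.test';    // constructed origin

// Request submitted from the backend's own form: token present, same origin.
$legit = is_request_allowed($session,
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $site],
    ['users_id' => '5', 'points' => '100', 'csrf_token' => $token], $site);

// Request triggered from another site: the browser attaches the session cookie,
// but the page cannot read the token and the Origin header differs.
$forged = is_request_allowed($session,
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example.test'],
    ['users_id' => '5', 'points' => '100'], $site);

var_dump($legit, $forged);
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a second layer, since the browser then withholds the cookie on cross-site POSTs.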