CVE-2022-43323: EyouCMS v1.5.9 has a vulnerability, Cross-site request forgery(CSRF) · Issue #28 · weng-xianhu/eyoucms

EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.


EyouCMS v1.5.9 has a vulnerability, Cross-site request forgery (CSRF). Located in the backend, member center, editing, Top up balance. To exploit this vulnerability, a quasi-prepared HTML file needs to be opened.

1. Go to the background --> member center --> edit member --> Top up balance

2. Grab the request package for recharge and construct it

3. Open in another browser and go to the background page, see that the user test01 balance is 1000

4. Click on the structured page

The figure above shows the page that automatically jumps after successful execution, to check whether the balance has increased.
The balance has increased by 1000.
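
A server-side guard of the kind that rejects the forged top-up request described above, as an added example that is not from the issue or from EyouCMS's own code. The function names, host, session id and action name are assumptions, and the sample requests are constructed.

```php
<?php
// Added example, not EyouCMS code. All names and sample values are constructed.

// Token bound to the admin session and to one action, so it cannot be reused elsewhere.
function csrf_token(string $sessionId, string $action, string $key): string
{
    return hash_hmac('sha256', $sessionId . '|' . $action, $key);
}

// Returns null when the request may proceed, otherwise the reason for rejecting it.
function check_state_change(array $req, string $expectedHost, string $key): ?string
{
    if ($req['method'] !== 'POST') {
        return 'state change must use POST';
    }
    // Browsers set Origin on cross-site POSTs; fall back to Referer if absent.
    $source = $req['headers']['Origin'] ?? $req['headers']['Referer'] ?? null;
    if ($source === null) {
        return 'missing Origin/Referer';
    }
    // Host-only comparison keeps the example short; also compare scheme and port in practice.
    if (parse_url($source, PHP_URL_HOST) !== $expectedHost) {
        return 'cross-site request';
    }
    $given = $req['post']['csrf_token'] ?? '';
    $expected = csrf_token($req['session_id'], $req['action'], $key);
    if (!is_string($given) || !hash_equals($expected, $given)) {
        return 'bad or missing CSRF token';
    }
    return null;
}

$key   = random_bytes(32);              // per-deployment secret
$sid   = 'constructed-admin-session';   // constructed session id
$host  = 'cms.example.test';            // hypothetical admin host
$base  = ['method' => 'POST', 'session_id' => $sid, 'action' => 'member_topup'];
$token = csrf_token($sid, 'member_topup', $key);

$requests = [
    'admin form, same origin, valid token' => $base + [
        'headers' => ['Origin' => "https://$host"], 'post' => ['csrf_token' => $token]],
    'auto-submitting page on another site' => $base + [
        'headers' => ['Origin' => 'https://other.example.test'], 'post' => []],
    'same origin but token missing' => $base + [
        'headers' => ['Origin' => "https://$host"], 'post' => []],
];
foreach ($requests as $label => $req) {
    echo $label, ': ', check_state_change($req, $host, $key) ?? 'accepted', PHP_EOL;
}
```

Marking the session cookie `SameSite=Lax` or `Strict` adds a browser-side layer on top of this check.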
