Headline

CVE-2022-44849: MetInfohas v7.7 a vulnerability, Cross-site request forgery(CSRF) · Issue #I5YM81 · 米拓企业建站系统/MetInfo - Gitee.com

A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account.

2 years ago

CVE

Open in Source

#csrf #vulnerability #git

version: 7.7

![version: 7.7](https://foruda.gitee.com/images/1667204368631558429/1ee844ae_11681922.png “屏幕截图”)

The issue in the background - > User Management - > administrator list

![The issue in the background - > User Management - > administrator](https://foruda.gitee.com/images/1667204448026559425/ee135f1b_11681922.png “屏幕截图”)

add a administrator and grab a package.

![add a administrator and grab a package.](https://foruda.gitee.com/images/1667204550580752086/0213ded5_11681922.png “屏幕截图”)

use CSRF poc and drop the package.

![use CSRF poc and drop the package.](https://foruda.gitee.com/images/1667204606590730592/ec66fd10_11681922.png “屏幕截图”)

![](https://foruda.gitee.com/images/1667204660856834565/85a10beb_11681922.png “屏幕截图”)

submit

![submit](https://foruda.gitee.com/images/1667204733528535277/766b560e_11681922.png “屏幕截图”)

![](https://foruda.gitee.com/images/1667204777484913624/5d7bc909_11681922.png “屏幕截图”)

Super administrator added successfully

![Super administrator added successfully](https://foruda.gitee.com/images/1667204805808722530/5b6913a6_11681922.png “屏幕截图”)

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago