CVE-2022-44849: MetInfo v7.7 has a vulnerability, Cross-site request forgery (CSRF) · Issue #I5YM81 · 米拓企业建站系统/MetInfo - Gitee.com
A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add a Super Administrator account.
version: 7.7

The issue is in the background -> User Management -> Administrator List.

Add an administrator and grab the packet.

Use a CSRF PoC and drop the packet.


submit


Super administrator added successfully
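
The check that is missing when a forged cross-site request can create an administrator, shown as an added example (not MetInfo's code and not part of the original report): a state-changing admin action is accepted only when the request's origin matches the site and it carries a per-session token. The field name `csrf_token`, the function names and the host `admin.example.test` are assumptions made for illustration.

```php
<?php
// Added example: hypothetical guard for a state-changing admin action.
// Function names, the csrf_token field and the host are assumptions, not MetInfo code.

function csrf_issue_token(array &$session): string
{
    // One unpredictable token per session, embedded in every admin form.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_request_allowed(array $server, array $post, array $session, string $siteOrigin): bool
{
    // State changes must arrive by POST.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    // If the browser sent Origin (or Referer), it must match the site's own origin.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if ($source !== null) {
        $p = parse_url($source);
        $origin = ($p['scheme'] ?? '') . '://' . ($p['host'] ?? '')
                . (isset($p['port']) ? ':' . $p['port'] : '');
        if ($origin !== $siteOrigin) {
            return false;
        }
    }
    // The token must be present and match; a page on another site cannot read it.
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Constructed sample requests: one forged from another site, one from the admin form.
$session = [];
$token = csrf_issue_token($session);
$site = 'https://admin.example.test';
$forged = [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example.test'], ['role' => 'super']];
$legit = [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $site], ['role' => 'super', 'csrf_token' => $token]];
foreach (['forged' => $forged, 'legit' => $legit] as $name => [$srv, $post]) {
    echo $name, ': ', csrf_request_allowed($srv, $post, $session, $site) ? 'accepted' : 'rejected', "\n";
}
```

Setting the session cookie with `SameSite=Lax` or `SameSite=Strict` adds a second layer, since the browser then withholds the cookie on cross-site POSTs.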
