Cross Site Request Forgery - Frog CMS
CVE ID: CVE-2018-8908

By: Samrat Das

Hi Readers,

Recently, while performing some open source security assessment, I came across a CMS application, "Frog CMS". Curious to explore its functionality, I set up a local copy and started playing around to find security vulnerabilities.

Title of the Vulnerability: Cross Site Request Forgery

Vulnerability Class: Code Execution / Privilege Escalation

Technical Details & Description:
The application source code is written in a way that allows a malicious HTML request to be executed without verifying the source of the request. This leads to arbitrary execution of the malicious request, which results in the creation of a privileged user.

CVE ID allocated: CVE-2018-8908

Product & Service Introduction: Frog CMS

Steps to Reproduce:
1. Visit the application.
2. Visit the Add Users page.
3. Craft an HTML page with all the details for an admin user creation and host it on a server.
4.
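The check that the description above says is missing, shown as an added example in Python (this is illustration code, not Frog CMS code, which is PHP): the Add Users handler only acts on a request that carries a per-session synchronizer token, and additionally compares the browser-supplied Origin/Referer against the site's own origin. Session, site origin, form field names and the in-memory user store are assumed stand-ins constructed for the example; the unchecked handler at the top is the pattern the advisory describes.

```python
import hmac
import secrets
from urllib.parse import urlsplit

CSRF_FORM_FIELD = "csrf_token"  # assumed field name for the hidden token


class Session:
    """Stand-in for a server-side session store (constructed for this example)."""

    def __init__(self):
        self.data = {}


def handle_add_user_unchecked(form, users):
    """The vulnerable pattern: the request is acted on without any check of its source."""
    users[form["username"]] = {"role": form.get("role", "user")}
    return 200, "user created"


def issue_csrf_token(session):
    """Create (or reuse) a random per-session token. A page on another origin cannot
    read it because of the same-origin policy, so it cannot include it in a forged form."""
    token = session.data.get(CSRF_FORM_FIELD)
    if token is None:
        token = secrets.token_urlsafe(32)
        session.data[CSRF_FORM_FIELD] = token
    return token


def render_add_user_form(session):
    """The site's own Add Users form embeds the token as a hidden field."""
    token = issue_csrf_token(session)
    return (
        '<form method="POST" action="/admin/user/add">'
        f'<input type="hidden" name="{CSRF_FORM_FIELD}" value="{token}">'
        '<input name="username"><input name="password"><input name="role">'
        "<button>Create</button></form>"
    )


def is_same_site_request(headers, site_origin):
    """Secondary check: if the browser sent Origin or Referer, scheme and host must
    match ours. Compare parsed components, not string prefixes, so that
    https://cms.example.evil does not pass for https://cms.example."""
    source = headers.get("Origin") or headers.get("Referer")
    if source is None:
        return True  # some clients omit both; the token check still protects us
    s, e = urlsplit(source), urlsplit(site_origin)
    return (s.scheme, s.netloc) == (e.scheme, e.netloc)


def handle_add_user(session, form, headers, site_origin, users):
    """Hardened handler: reject the request unless it proves it came from our own form."""
    expected = session.data.get(CSRF_FORM_FIELD)
    submitted = form.get(CSRF_FORM_FIELD, "")
    # constant-time comparison avoids leaking the token through timing differences
    if expected is None or not hmac.compare_digest(expected, submitted):
        return 403, "CSRF token missing or invalid"
    if not is_same_site_request(headers, site_origin):
        return 403, "cross-origin request rejected"
    users[form["username"]] = {"role": form.get("role", "user")}
    return 200, "user created"


def demo():
    """Walk through the three cases: forged request, stolen-token-from-wrong-origin,
    and a legitimate submission from the site's own form."""
    users = {}
    session = Session()
    site = "https://cms.example"  # assumed site origin
    render_add_user_form(session)  # admin opens the real page; token now in session
    token = session.data[CSRF_FORM_FIELD]
    forged = handle_add_user(
        session,
        {"username": "backdoor", "password": "x", "role": "administrator"},
        {"Origin": "https://attacker.example"}, site, users,
    )
    wrong_origin = handle_add_user(
        session,
        {"username": "backdoor", "role": "administrator", CSRF_FORM_FIELD: token},
        {"Origin": "https://attacker.example"}, site, users,
    )
    legit = handle_add_user(
        session,
        {"username": "alice", "password": "x", "role": "administrator", CSRF_FORM_FIELD: token},
        {"Origin": site}, site, users,
    )
    return {"forged": forged, "wrong_origin": wrong_origin, "legit": legit, "users": sorted(users)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The token is what actually closes the hole; the origin comparison is defence in depth for the case where a token leaks or a form is rendered into an attacker-readable context. Marking the session cookie SameSite would be a third, browser-enforced layer with the same goal.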