Exploits / Vulnerability Discovered : 2019-04-22 |
Type : webapps |
Platform : php
This exploit / vulnerability 74cms 5.0.1 crosssite request forgery (add new admin user) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user
# Date: 2019-04-14
# Exploit Author: ax8
# Vendor Homepage: https://github.com/Li-Siyuan
# Software Link: http://www.74cms.com/download/index.html
# Version: v5.0.1
# CVE : CVE-2019-11374
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.