Exploits / Vulnerability Discovered : 2018-08-27 |
Type : webapps |
Platform : php
This exploit / vulnerability Gleez cms 1.2.0 crosssite request forgery (add admin) is for educational purposes only and if it is used you will do on your own risk!
# Description:
# There is a CSRF vulnerability that can add an administrator account in
# Gleez CMS 1.2.0 via admin/users/add. (https://github.com/gleez/cms/issues/800)
# After the administrator logged in,open the POC,that will create an new admin account unexcused.
# POC: