Exploits / Vulnerability Discovered : 2018-06-21 |
Type : webapps |
Platform : php
This exploit / vulnerability Lfcms 3.7.0 crosssite request forgery (add admin) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: A CSRF vulnerability exists in LFCMS_3.7.0: administrator account can be added arbitrarily.
# Date: 2018-06-20
# Exploit Author: bay0net
# Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203899.html
# Software Link: http://www.lfdycms.com/home/down/index/id/26.html
# Version: 3.7.0
# CVE : CVE-2018-12603
A CSRF vulnerability exists in LFCMS_3.7.0: administrator account can be added arbitrarily.