Exploit / Vulnerability Discovered: 2019-03-12
Type: webapps
Platform: php
This exploit / vulnerability, PilusCart 1.4.1 cross-site request forgery (add admin), is for educational purposes only; if you use it, you do so at your own risk!
PilusCart 1.4.1 is vulnerable to a CSRF attack: if an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), a form will be submitted that adds a new user as administrator.
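
The check that stops this kind of forged "add admin" submission, as an added example that is not PilusCart code or part of the original entry: a per-session token plus an Origin check in front of the state-changing handler. The function names, the `csrf_token` and `level` field names, and the `https://shop.example` origin are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical guard for an admin "add user" handler (not PilusCart code).

const EXPECTED_ORIGIN = 'https://shop.example'; // constructed value

// Per-session random token; emit it as a hidden csrf_token field in every admin form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// True only for a POST that carries the session's token and no foreign Origin.
function csrf_request_allowed(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // state changes never happen on GET
    }
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== EXPECTED_ORIGIN) {
        return false; // the browser reports the form came from another site
    }
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($known) && $known !== ''
        && hash_equals($known, $sent); // constant-time comparison
}

// Constructed requests: the admin's own form versus a form submitted by another page.
$session = [];
$token   = csrf_token($session);
$own     = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => EXPECTED_ORIGIN];
$foreign = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example'];

// Own form with the token, foreign form without it, own origin with the token missing.
var_dump(csrf_request_allowed($own, ['csrf_token' => $token, 'level' => 'admin'], $session));
var_dump(csrf_request_allowed($foreign, ['level' => 'admin'], $session));
var_dump(csrf_request_allowed($own, ['level' => 'admin'], $session));
```

In a real handler, pass `$_SERVER`, `$_POST` and `$_SESSION` after `session_start()` and answer HTTP 403 whenever the check returns false. Setting the session cookie's SameSite attribute (PHP 7.3 and later) adds a second layer, since the browser then withholds the admin's cookie from cross-site form posts.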