Exploits / Vulnerability Discovered : 2019-11-18 |
Type : webapps |
Platform : php
This exploit / vulnerability Tematres 3.0 crosssite request forgery (add admin) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery (Add Admin)
# Author: Pablo Santiago
# Date: 2019-11-14
# Vendor Homepage: https://www.vocabularyserver.com/
# Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download
# Version: 3.0
# CVE : 2019–14345
# Reference:https://medium.com/@Pablo0xSantiago/cve-2019-14345-ff6f6d9fd30f
# Tested on: Windows 10
# Description:
# Web application for management formal representations of knowledge,
# thesauri, taxonomies and multilingual vocabularies / Aplicación para
# la gestión de representaciones formales del conocimiento, tesauros,
# taxonomías, vocabularios multilingües.