Submission #725136: Greencms https://github.com/GreenCMS/GreenCMS V2.3 CSRF Vulnerability Info

Title: Greencms https://github.com/GreenCMS/GreenCMS V2.3 CSRF Vulnerability
Description:
• A CSRF vulnerability allows attackers to impersonate legitimate users and perform unauthorized actions on trusted websites where the users are already logged in. Examples include tampering with account information, initiating fund transfers, and publishing malicious content.
• The severity of the damage depends on the user's permissions: the accounts of ordinary users may be compromised, while the exploitation of an administrator account could lead to a full system compromise, undermining data security and damaging the platform's reputation.
Vulnerability description:
• The /IndexController.class.php file in Greencms v2.3 contains a CSRF vulnerability. Attackers can use Burp Suite to generate a CSRF PoC page with malicious parameters, tricking logged-in users (especially administrators) into visiting it. The page automatically submits POST requests, altering user information such as nicknames, email addresses, and personal profiles (e.g., to test123 or [email protected]). Since the system lacks CSRF token verification, the attack succeeds. While regular user accounts may be compromised, administrator accounts could also be affected, potentially leading to system collapse and severely jeopardizing data security and platform credibility.
Source: https://github.com/ueh1013/VULN/issues/6
User: Blackooo (UID 93743)
Submitted: 2025-12-27 11:34 (4 months ago)
Moderated: 2025-12-28 14:10 (1 day later)
Status: Duplicate
VulDB entry: 118621 [GreenCMS 2.3.0603 index.php?m=admin&c=media&a=fileconnect content cross-site request forgery]
Points: 0
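The root cause named in the report is a state-changing POST handler that accepts the request without any CSRF token check. The following is an added example (not GreenCMS code) of the synchronizer-token pattern that closes that gap; it assumes plain PHP sessions, and csrf_token, csrf_field, csrf_valid, update_profile and save_user_profile are hypothetical names.

```php
<?php
// Added example: synchronizer-token CSRF protection for a profile-update
// endpoint. Not GreenCMS code; assumes plain PHP sessions and hypothetical
// helper names. It stands in for the unchecked POST handler the report
// describes, which updated nickname/email/profile with no token check.
declare(strict_types=1);

// Defence in depth: SameSite=Lax keeps the session cookie off cross-site
// POSTs in modern browsers; the token check below is the primary control.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// One token per session; create it only when missing so several open
// forms keep working.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field that every state-changing form must carry.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Constant-time comparison. A page on another origin cannot read the
// victim's session token, so a forged auto-submitted POST fails here.
function csrf_valid(array $post): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($given)
        && hash_equals($expected, $given);
}

// Hardened handler: reject before touching any user field.
function update_profile(array $post): bool
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST' || !csrf_valid($post)) {
        http_response_code(403);
        return false;
    }
    // Hypothetical persistence call for nickname, email and profile text.
    // save_user_profile($_SESSION['uid'], $post['nickname'], $post['email'], $post['profile']);
    return true;
}
```

A request that reaches update_profile without the session-bound token is refused with 403, which is also a useful signal to log and alert on.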
