ModStartCMS V4.6.0 has a vulnerability, Cross-site request forgery(CSRF)

Build ModStartCMSv4.6.0 locally
Background, background permissions -> administrator -> add
![image](https://user-images.githubusercontent.com/56543516/186383826-46abeeb4-426d-4a41-b286-618908c61b41.png)
Click to add a user test
![image](https://user-images.githubusercontent.com/56543516/186384208-bd11b287-0d2e-4833-af26-2fec9681a174.png)
packet capture
![image](https://user-images.githubusercontent.com/56543516/186391707-e8b730d7-3526-45ae-bd12-37a3e74aa1f8.png)
send csrf poc
![image](https://user-images.githubusercontent.com/56543516/186391984-993dcc8b-8b87-4938-9b26-b2fed15e7661.png)
![image](https://user-images.githubusercontent.com/56543516/186392554-097634a4-b7aa-4181-b4df-9111b75c18ed.png)
![image](https://user-images.githubusercontent.com/56543516/186392049-88ec54d8-8c09-47e4-af66-853884563d1a.png)
Click to send，refresh background
![image](https://user-images.githubusercontent.com/56543516/186394050-c0a2b966-3341-44ed-b08a-b2b752b074cd.png)
![image](https://user-images.githubusercontent.com/56543516/186392572-e958421e-7684-419c-a55c-e022c2648f93.png)
New administrator test appears


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ModStartCMS V4.6.0 has a vulnerability, Cross-site request forgery(CSRF) #3

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

ModStartCMS V4.6.0 has a vulnerability, Cross-site request forgery(CSRF) #3

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions