Van Lam Nguyen - Security Researcher - Exploit Intelligence Platform

CVE-2023-34927 EXPLOITDB MEDIUM text WORKING POC

Casdoor < 1.331.0 - Cross-Site Request Forgery via Password Reset Endpoint

Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.

CVSS 6.5

View Code

CVE-2023-34927 EXPLOITDB MEDIUM text WORKING POC

Casdoor < 1.331.0 - Cross-Site Request Forgery via Password Reset Endpoint

Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.

CVSS 6.5

View Code

EIP-2026-100972 EXPLOITDB html WORKING POC

Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)

View Code

CVE-2023-34927 EXPLOITDB MEDIUM text WORKING POC

Casdoor < 1.331.0 - Cross-Site Request Forgery via Password Reset Endpoint

Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.

CVSS 6.5

View Code