CVE-2020-23342

HIGH LAB

Anchor CMS 0.12.7 - Cross-Site Request Forgery in User Edit Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-23342. PoCs published by Ninad Mishra, DXY0411.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Anchor CMS 0.12.7, allowing an attacker to delete a user by tricking an admin into clicking a malicious link. The exploit uses a simple GET request to delete a user with a specified ID.

Description

A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.

Exploits (2)

exploitdb WORKING POC
by Ninad Mishra · htmlwebappsmultiple
https://www.exploit-db.com/exploits/49451

This exploit demonstrates a CSRF vulnerability in Anchor CMS 0.12.7, allowing an attacker to delete a user by tricking an admin into clicking a malicious link. The exploit uses a simple GET request to delete a user with a specified ID.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Anchor CMS 0.12.7
No auth needed
Prerequisites: Admin user must be tricked into clicking the malicious link
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by DXY0411 · poc
https://github.com/DXY0411/CVE-2020-23342

This repository contains a proof-of-concept exploit for CVE-2020-23342, targeting Anchor CMS. The exploit leverages a command injection vulnerability in the `composer_check.php` file, where the `exec` function is used unsafely to run `composer install`.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Anchor CMS (version not specified)
No auth needed
Prerequisites: Access to the target system's `composer_check.php` file · Ability to manipulate the `composer install` command execution
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Product, Vendor Advisory x_refsource_misc
http://anchorcms.com/
Product, Vendor Advisory x_refsource_misc
https://anchorcms.com/
Exploit, Third Party Advisory x_refsource_misc
https://twitter.com/NinadMishra5/status/1350077938176151558

Scores

CVSS v3 8.8
EPSS 0.0921
EPSS Percentile 92.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY
Community Lab

Details

CWE
CWE-352
Status published
Products (1)
anchorcms/anchor_cms 0.12.7
Published Jan 19, 2021
Tracked Since Feb 18, 2026