CVE-2020-37241
Severity: MEDIUM
bloofoxCMS 0.5.2.1 Cross-Site Request Forgery via user add
Title source: cna

Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-37241. PoCs published by LiPeiYi.
AI-analyzed exploit summary
This is a functional CSRF exploit for bloofoxCMS 0.5.2.1 that adds an admin user via a crafted HTML form submission. The PoC demonstrates the vulnerability by automating the submission of user-creation parameters without requiring any user interaction beyond visiting the malicious page.
Description
bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking a logged-in administrator into visiting a malicious page. Because the admin user-creation endpoint accepts the request on the strength of the victim's session alone, a hidden form targeting that endpoint can add a new administrative account with attacker-chosen credentials without the victim's explicit consent.
Exploits (1)
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N