exploitdb
WRITEUP
VERIFIED
by Abysssec · textwebappsasp
https://www.exploit-db.com/exploits/14879
The advisory details two vulnerabilities in Visinia 1.3: a CSRF vulnerability allowing module removal via a malicious POST request and an LFI vulnerability enabling arbitrary file download via path traversal in the 'image.axd' endpoint.
Classification
Writeup 90%
Target:
Visinia 1.3
Auth required
Prerequisites:
Admin session for CSRF · Access to vulnerable endpoint for LFI