This exploit demonstrates a CSRF vulnerability in CMSPro! 2.08, allowing an attacker to escalate a normal user to administrator privileges via a crafted POST request. The PoC includes a malicious request that modifies user permissions without explicit confirmation.
Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:CMSPro! 2.08
Auth required
Prerequisites:Victim must be authenticated as an administrator · Victim must visit a crafted URL or page