Cross-site Request Forgery (CSRF) Vulnerability in the gleez/cms library - CVE-2018-15845

Overview

Gleez CMS is vulnerable to CSRF, which allows an attacker to add an administrator account through admin/users/add.

PoC

After the administrator logs in, send him this HTML page:

<script>history.pushState('', '', '/')</script> 

Remediation

This issue has not yet been fixed.
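With no fix available, one compensating check is to review web server access logs for POST requests to admin/users/add whose Referer is missing or points to another site. The following is an added example, not code from the advisory or the Gleez project; it assumes the combined log format, a CMS installed at the web root of the hypothetical host `cms.example.test`, and uses constructed log lines.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "cms.example.test"    # assumption: hypothetical host serving the CMS
TARGET_PATH = "/admin/users/add"  # endpoint named in the advisory

# Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def classify(line, site_host=SITE_HOST):
    """Return None for irrelevant lines, else 'same-origin', 'no-referer' or 'cross-site'."""
    m = LINE_RE.match(line.strip())
    if not m or m["method"] != "POST":
        return None
    path = urlsplit(m["url"]).path.rstrip("/")
    if path != TARGET_PATH:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer"
    # Compare the exact hostname; a substring match would accept lookalike hosts.
    host = (urlsplit(referer).hostname or "").lower()
    return "same-origin" if host == site_host.lower() else "cross-site"

def suspicious(lines, site_host=SITE_HOST):
    """Return (verdict, line) pairs for POSTs to the endpoint not sent from the site itself."""
    pairs = [(classify(line, site_host), line) for line in lines]
    return [(v, l) for v, l in pairs if v in ("cross-site", "no-referer")]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [01/Sep/2018:10:00:01 +0000] "GET /admin/users/add HTTP/1.1" 200 5120 "https://cms.example.test/admin/users" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Sep/2018:10:00:09 +0000] "POST /admin/users/add HTTP/1.1" 302 0 "https://cms.example.test/admin/users/add" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Sep/2018:10:04:30 +0000] "POST /admin/users/add HTTP/1.1" 302 0 "https://unrelated.example.org/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Sep/2018:10:05:12 +0000] "POST /admin/users/add HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Sep/2018:10:06:44 +0000] "POST /admin/users/add HTTP/1.1" 302 0 "https://cms.example.test.unrelated.example.org/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, line in suspicious(SAMPLE):
        print(verdict, line)
```

A missing Referer can also result from a browser's referrer policy or a privacy proxy, so `no-referer` hits need review against the list of accounts actually created rather than being treated as confirmed forgeries.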
