Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: b1a-1333.htm

PHPWCMS 1.4.5 CSRF



CSRF in PHPWCMS 1.4.5
CSRF in PHPWCMS 1.4.5



http://phpwcms.googlecode.com/files/phpwcms_r398.zip 
		Version: 1.4.5 r398
		Tested on: WinXP SP2 (EN) on WAMP 2.0
		CVE: N/A
	=09
		Jeremiah Talamantes
		RedTeam Security (RedTeam Labs)
http://www.redteamsecure.com/labs 
	=09
		Description:
		A vulnerability has been identified in PHPWCMS, which could be exploited to conduct cross-site request forgery attacks.
		This issue is caused due to input validation errors in the administrative interface when processing HTTP requests, 
		which could be exploited by attackers to manipulate certain data by tricking an administrator into visiting a malicious web page.
	*/
?>


	PHPWCMS 1.4.5 r389 Cross Site Request Forgery
	


	
action="http://localhost/phpwcms/phpwcms.php?do=files&f=0">


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH