CVE-2021-26216

Tuhin Bose
Mar 18, 2021


# Exploit Title: SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php
# Date: 15/03/21
# Exploit Author: Tuhin Bose
# Vendor Homepage: https://www.seeddms.org/
# Version: 5.1.x
# CVE : CVE-2021-26216

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php, which allows an attacker to edit a victim's documents. To exploit this vulnerability, an attacker has to host the HTML code on a server under their control and send the link to the victim.

Steps to reproduce:

  1. Visit the edit folder page.
  2. Add one document.
  3. Capture the request using Burp, right-click on the request and choose "Engagement tools" > "Generate CSRF PoC".
  4. Copy the HTML code and save it as csrf.html on your server.
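As an added defender's illustration (not SeedDMS's own code), this is the synchronizer-token check that closes this class of bug on a state-changing form such as the edit-folder page: the handler accepts the POST only when the browser-set Origin (or Referer) matches the site and the form carries the token bound to the caller's session. All names here (issue_csrf_token, edit_folder_allowed, the csrftoken field, the SITE_ORIGIN value) are assumptions for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed value standing in for the deployment's own origin.
SITE_ORIGIN = "https://dms.example.test"


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) a per-session secret; the form embeds it as a
    hidden field, which a page hosted elsewhere cannot read or guess."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def _same_origin(headers: dict) -> bool:
    """Browsers attach Origin (or at least Referer) to cross-site form
    posts, so a form served from another host fails this check even
    though the session cookie is still sent along."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False  # cannot establish where the request came from
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == SITE_ORIGIN


def edit_folder_allowed(session: dict, headers: dict, form: dict) -> bool:
    """Server-side gate for the edit-folder POST: same origin AND a
    token that matches the one stored in this caller's session."""
    if not _same_origin(headers):
        return False
    expected = session.get("csrf_token")
    supplied = form.get("csrftoken")
    if not expected or not supplied:
        return False
    # Constant-time comparison avoids leaking the token via timing.
    return hmac.compare_digest(expected, supplied)
```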
