CVE deatail

发表于 2023-10-27 分类于 CVE 阅读次数：本文字数： 430 阅读时长 ≈ 1 分钟

CVE-2023-42188 detail

[Suggested description]
IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).

[Vulnerability Type]
Cross Site Request Forgery (CSRF)

[Vendor of Product]
https://github.com/Thecosy/IceCMS

[Affected Product Code Base]
IceCMS - v2.0.1

[Affected Component]
After the administrator open the following page and click the the Submit request, cause the CSRF vulnerability.(exp : https://github.com/Thecosy/IceCMS/issues/17)

[Root cause]
The request header does not have csrftoken added.