CVE-2021–36543

3 years ago 324
BOOK THIS SPACE FOR AD
ARTICLE AD

Cyber Division

# Exploit Title: SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 is affected by cross-site request forgery (CSRF) in /op/op.UnlockDocument.php
# Date: 02/08/21
# Exploit Author: Division of Cyber Security & Digital Forensics — VIT Bhopal University
# Vendor Homepage: https://www.seeddms.org/
# Version: 5.1.x<5.1.23 and 6.0.x<6.0.16
# CVE : CVE-2021–35343
Description:
Cross-Site Request Forgery (CSRF) vulnerability in the /op/op.UnlockDocument.php in SeedDMS v5.1.x<5.1.23 and v6.0.x<6.0.16 allows a remote attacker to unlock any document without victim’s knowledge, by enticing an authenticated user to visit an attacker’s web page.
Steps to reproduce:
1. Login with the admin account.
2. Visit this URL: http://localhost/op/op.UnlockDocument.php?documentid=<ID>
You’ll see that the document will be unlocked.

Read Entire Article