Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons
- https://github.com/V1n1v131r4/CSRF-to-RCE-on-Backdrop-CMS
- https://www.exploit-db.com/exploits/50323
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cvemon
- https://github.com/V1n1v131r4/CSRF-to-RCE-on-Backdrop-CMS
- https://github.com/V1n1v131r4/My-CVEs
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/fkie-cad/nvd-json-data-feeds