CVE-2021-27885_e107_CMS_2.3.0_Cross-Site_Request_Forgery_Vulnerability

# CVE-2021-27885 e107 CMS 2.3.0 Cross-Site Request Forgery Vulnerability
==EXP==

# Exploit Title: e107 CMS 2.3.0 - CSRF
# Date: 04/03/2021
# Exploit Author: Tadjmen
# Vendor Homepage: https://e107.org
# Software Link: https://e107.org/download
# Version: 2.3.0
# Tested on: Windows 10
# CVE : CVE-2021-27885

CSRF vulnerability on e107 CMS

## Bug Description
Hi. I found a CSRF on the e107 CMS. A hacker can change the password of any user who clicks the link.

## How to Reproduce
Steps to reproduce the behavior:
1. Create a CSRF login POC using the following code.

```
Cross Site Request Forgery (Edit Existing Admin details)

Cross Site Request Forgery (Edit Existing Admin details)
```

2. Replace the email and password with the valid credentials.
3. Send the link script to the victim (admin) to make them click.
4. Log in with the new admin password.
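
The control that defeats a forged "edit admin details" submission like the one above is a per-session anti-CSRF token checked on the server before the e-mail or password is changed. The PHP below is an added example, not code from e107 or from the exploit author; the function names, the `csrf_token` field name and the demo values are hypothetical.

```php
<?php
// Added example (not e107 code): per-session anti-CSRF token guarding a
// state-changing admin form. All function and field names are hypothetical.
declare(strict_types=1);

function csrf_token(array &$session): string
{
    // One unpredictable token per session, created on first use.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_check(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Reject missing or non-string values, then compare in constant time.
    return is_string($expected) && is_string($supplied)
        && $expected !== '' && hash_equals($expected, $supplied);
}

function handle_admin_edit(array &$session, string $method, array $post): int
{
    // State changes are accepted only via POST carrying the session's token.
    if ($method !== 'POST' || !csrf_check($session, $post)) {
        return 403;
    }
    // ... the e-mail / password update would be applied here ...
    return 200;
}

// Constructed demo: $session stands in for $_SESSION of a logged-in admin.
$session = [];
$token = csrf_token($session); // embedded as a hidden field in the real form

// Forged cross-site submission: the attacker's page cannot read the token,
// so the field is absent and csrf_check() fails.
$forged = ['email' => 'attacker@example.test', 'password' => 'constructed-value'];
echo 'forged request -> HTTP ', handle_admin_edit($session, 'POST', $forged), "\n";

// Submission from the genuine admin form, which includes the hidden token.
$legit = $forged + ['csrf_token' => $token];
echo 'genuine request -> HTTP ', handle_admin_edit($session, 'POST', $legit), "\n";
```

Setting the session cookie's `SameSite` attribute to `Lax` or `Strict` and requiring the current password for a password change add further layers on top of the token check.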