## https://sploitus.com/exploit?id=ED596BCB-DC1C-5615-AA51-EF64BC53CA3A
# CVE-2025-57310
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code.
# CWE
CWE-352: Cross-Site Request Forgery (CSRF)
# CVSS v3.1 Base Score: 8.8 (High)
```bash
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
```
# Summary
The product is vulnerable to Cross-Site Request Forgery (CSRF) on the admin panel. When an authenticated admin visits a malicious page containing the PoC, the CSRF attack causes unauthorized modification of the homepage content.
# Steps to reproduce
1. Login as an administrator at https://example.com/admin.php
2. Open the followin PoC, observe an alert popup on the homepage (Stored XSS).
```html
CSRF PoC
Standard CSRF PoC
alert();" />
history.pushState('', '', '/');
document.forms[0].submit();
```
# Impact
An attacker can inject arbitrary HTML/JavaScript into the homepage via the `spacetop` parameter, leading to Stored Cross-Site Scripting (XSS).