CVE-2021-47754 | HackTesting

Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details, including passwords, email, and administrative privileges by tricking authenticated users into submitting the form.

Credits

=(L_L)=

References

https://www.exploit-db.com/exploits/50608

https://web.archive.org/web/20211216074128/https://lyhinslab.org/index.php/2021/11/29/how-white-box-hacking-works-xss-csrf-in-arunna/

https://github.com/arunna/arunna