SOCA Access Control System Cross-Site Request Forgery Vulnerability Allowing Unauthorized Admin Actions
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in the SOCA Access Control System version 180612. The administrative endpoint accepts state-changing requests on the strength of the victim's session cookie alone, with no anti-CSRF token or origin check, so an attacker who cannot log in can still cause privileged actions to be carried out. By hosting a web page that silently submits a forged request to the application, the attacker tricks a logged-in user into visiting that page; the user's browser attaches the session cookie, and the application processes the request as if the user had filled in the form, for example creating an attacker-controlled admin account.
Impact
Exploitation of this vulnerability lets an attacker perform administrative actions in the context of a logged-in user without that user's knowledge. Because the forged request can create an administrator account, a single successful visit by a privileged user is enough to give the attacker persistent administrative access to the access control system.
Reproduction
To reproduce this vulnerability, a logged-in user must be tricked into visiting a malicious website that submits a forged request to the 'Insert_Permission.php' endpoint. The attacker page carries a hidden form whose action points at that endpoint and whose fields mirror a legitimate "add administrator" submission, together with a script that submits the form automatically on page load. Because the endpoint performs no validation beyond the session cookie, the request is accepted and the admin account is created. The parameter names needed for the payload are not listed here; they can be read from the application's own administrative form.
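The remedy is to stop relying on the session cookie as the only proof that the user intended the request. The following is an added example written for this advisory, not code from SOCA or from the affected product: a synchronizer-token guard for a state-changing PHP endpoint such as Insert_Permission.php, with an Origin/Referer check as defence in depth and a SameSite attribute on the session cookie. The constant EXPECTED_HOST, the field name csrf_token and the form fields shown are assumptions chosen for illustration.

```php
<?php
// Added example (not the vendor's code): CSRF protection for a privileged
// form handler. EXPECTED_HOST and the field names are assumptions.
const EXPECTED_HOST = 'acs.example.internal';   // host the application is served from (assumed)

// SameSite=Lax keeps the session cookie off cross-site POSTs in current browsers
// (PHP 7.3+); it is a second layer, not a replacement for the token below.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

function csrf_token(): string
{
    // One unpredictable token per session, generated with a CSPRNG.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function same_origin(string $expectedHost): bool
{
    // Browsers send Origin on cross-site form POSTs; fall back to Referer.
    // An absent header is treated as a failure on a sensitive endpoint.
    $src = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    if ($src === '') {
        return false;
    }
    $host = parse_url($src, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

function require_csrf_token(): void
{
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    // hash_equals compares in constant time so the token cannot be guessed
    // byte by byte through timing differences.
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!same_origin(EXPECTED_HOST)) {
        http_response_code(403);
        exit('Cross-origin request rejected');
    }
    require_csrf_token();
    // Only after both checks pass may the privileged action run, e.g. inserting
    // the new permission/account record. A forged request from an attacker page
    // fails here: it carries no valid token and its Origin is the attacker's site.
} else {
    // GET: render the administrative form with the token as a hidden field, so
    // only a page served by this application can produce an acceptable POST.
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="Insert_Permission.php">';
    echo '<input type="hidden" name="csrf_token" value="' . $token . '">';
    echo '<!-- the application\'s own account/permission fields go here -->';
    echo '<input type="submit" value="Save">';
    echo '</form>';
}
```

The token check is the primary control: an attacker's page cannot read the victim's session token because of the same-origin policy, so it cannot forge a request that passes hash_equals. The Origin/Referer comparison and the SameSite cookie attribute only reduce exposure further; on their own they depend on browser behaviour and should not be the sole defence. Tokens must also be regenerated when the session is created on login, so that a token captured from an earlier, unauthenticated session is not reusable.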
