Sistem Informasi Pengumuman Kelulusan Online Cross-Site Request Forgery Vulnerability Allowing Unauthorized Admin User Creation
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in Sistem Informasi Pengumuman Kelulusan Online version 1.0. This vulnerability allows attackers to add unauthorized admin users through the 'tambahuser.php' endpoint. By crafting a malicious HTML form, attackers can submit admin credentials and create new administrative accounts without the victim's consent.
Impact
Exploitation of this vulnerability allows for the unauthorized addition of admin users, potentially leading to misuse of administrative privileges within the application.
Reproduction
To exploit this vulnerability, create a form that targets the 'tambahuser.php' endpoint within the admin directory of the application. Include fields for the username, name, and password of the admin user to be created. Once the form is submitted while an administrator is logged in, the new admin account is created without any further authorization check; the endpoint relies solely on the victim's existing session and carries no anti-CSRF token.
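The root cause described above is a state-changing POST handler that accepts any request arriving with a valid admin session cookie. The following PHP is an added example of how such an endpoint is typically hardened with the synchronizer-token pattern plus Origin/Referer and SameSite-cookie defence in depth; it is not the project's own code. The field names (username, nama, password), the `admin` table, the database credentials and the `$_SESSION['admin_id']` login flag are assumptions, not values taken from the application.

```php
<?php
// Added example, not code from Sistem Informasi Pengumuman Kelulusan Online.
// Hardened "add admin user" handler: the browser can only submit the hidden
// token if it rendered our form, which a cross-site attacker page cannot read.
declare(strict_types=1);

// Defence in depth: a Lax SameSite session cookie is not sent on cross-site
// POSTs by modern browsers (the 'samesite' key needs PHP >= 7.3).
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Issue a per-session CSRF token (used when rendering the form).
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Validate the submitted token with a constant-time comparison.
function csrf_valid(mixed $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

// Reject requests whose Origin (or Referer) is not this host. Browsers send
// Origin on cross-site POSTs; an absent header is treated as untrusted.
function same_origin(): bool
{
    $source = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    if ($source === '') {
        return false;
    }
    $ownHost = parse_url('http://' . ($_SERVER['HTTP_HOST'] ?? ''), PHP_URL_HOST);
    return $ownHost !== null && parse_url($source, PHP_URL_HOST) === $ownHost;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The admin login check the original endpoint relies on (assumed flag name).
    if (empty($_SESSION['admin_id'])) {
        http_response_code(403);
        exit('Not logged in');
    }
    if (!csrf_valid($_POST['csrf_token'] ?? null) || !same_origin()) {
        http_response_code(403);
        exit('Rejected: missing/invalid CSRF token or cross-site request');
    }
    // Rotate the token after use so a captured value cannot be replayed.
    unset($_SESSION['csrf_token']);

    // Assumed schema and credentials; the original stores users via its own DB code.
    $pdo = new PDO('mysql:host=localhost;dbname=kelulusan', 'dbuser', 'dbpass', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $stmt = $pdo->prepare('INSERT INTO admin (username, nama, password) VALUES (?, ?, ?)');
    $stmt->execute([
        (string) ($_POST['username'] ?? ''),
        (string) ($_POST['nama'] ?? ''),
        password_hash((string) ($_POST['password'] ?? ''), PASSWORD_DEFAULT),
    ]);
    echo 'Admin user created';
    exit;
}
?>
<!-- Form rendering: the hidden token is bound to the admin's session -->
<form method="post" action="tambahuser.php">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input name="username" placeholder="username">
  <input name="nama" placeholder="nama">
  <input type="password" name="password" placeholder="password">
  <button type="submit">Tambah</button>
</form>
```

A request from a third-party page now fails twice over: the SameSite cookie keeps the admin session from being attached, and even if it were attached the request carries no `csrf_token` matching the one stored server-side. When reviewing or monitoring such an application, `403` responses from this endpoint whose Origin header is a foreign host are the signal that a cross-site submission was attempted.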
