EasyImages Cross-Site Request Forgery Vulnerability Allowing Privilege Escalation to Administrator

Vulnerability

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the EasyImages application, versions 2.0 through 2.8.6, within the admin/admin.inc.php component. Because the admin endpoint accepts state-changing requests without an anti-CSRF token, an attacker can escalate privileges to Administrator by luring a logged-in administrator into interacting with a malicious web page.

Impact

Exploitation of this vulnerability allows an attacker to change an administrator's password without authorization and, with that access, to achieve remote code execution on the server.

Reproduction

To reproduce this vulnerability, an attacker must create a malicious HTML page that includes a CSRF payload. This page should be designed to automatically submit a POST request to the vulnerable admin endpoint, changing the password of an administrator to a value controlled by the attacker. Once the password is changed, the attacker can log into the admin panel, upload a web shell, and execute it to gain remote code execution on the server.
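The defence for this class of bug is a synchronizer token tied to the session, checked on every state-changing admin request, plus a SameSite session cookie so the browser does not attach the admin session to cross-site POSTs at all. The handler below is an added example, not EasyImages' own code; the function names, form field names and the elided storage step are assumptions.

```php
<?php
// Added example (not EasyImages code): CSRF defence for an admin
// password-change handler. Assumes PHP sessions and PHP >= 7.0.

// SameSite=Lax keeps the session cookie off cross-site POSTs, which
// removes the CSRF vector even if a token check is ever forgotten.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Return the session's CSRF token, creating it on first use.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session token;
// a missing token on either side is a failure, never a pass.
function csrf_valid(?string $submitted): bool {
    if ($submitted === null || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Hypothetical password-change handler: the token check runs before any
// other input is looked at, so a forged request can never reach the
// storage step. Requiring the current password as well limits the damage
// of a stolen session.
function handle_password_change(array $post): string {
    if (!csrf_valid($post['csrf_token'] ?? null)) {
        http_response_code(403);
        return 'rejected: missing or invalid CSRF token';
    }
    if (($post['new_password'] ?? '') === '') {
        return 'rejected: empty password';
    }
    // ... verify $post['current_password'], then store the new hash ...
    return 'password updated';
}

// Embed the token in the admin form as a hidden field.
function render_form(): string {
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post"><input type="hidden" name="csrf_token" value="' . $t . '">'
         . '<input type="password" name="current_password">'
         . '<input type="password" name="new_password"><button>Change</button></form>';
}
```

A request arriving from a page on another origin carries neither the session cookie (SameSite) nor a matching hidden token, so it is rejected with 403 before the password is touched.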

Added: Dec 11, 2025, 5:22 PM
Updated: Dec 11, 2025, 5:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 5.8
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.