# Exploit Title: Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin) # Date: 2020-01-05 # Exploit Author: Ismail Tasdelen # Vendor Homepage: https://intelliants.com/ # Software Link : https://github.com/intelliants/subrion/releases/tag/v4.0.5 # Software : Subrion CMS # Product Version: v 4.0.5.10 # Vulernability Type : Cross-Site Request Forgery (Add Admin) # Vulenrability : Cross-Site Request Forgery # CVE : N/A # Description : # CSRF vulnerability was discovered in v4.0.5 version of Subrion CMS. # With this vulnerability, authorized users can be added to the system. HTML CSRF PoC :