<-- # Exploit Title: MiniCMS 1.10 CSRF Vulnerability # Date: 2018-03-28 # Exploit Author: zixiani1/4me@zixian.orgazixian@5ecurity.cni1/4 # Vendor Homepage: https://github.com/bg5sbk/MiniCMS # Software Link: https://github.com/bg5sbk/MiniCMS # Version: 1.10 # CVE : CVE-2018-9092 There is a CSRF vulnerability that can change the administrator account password After the administrator logged in, open the following page poc: --> test