# Exploit Title: RISE - Ultimate Project Manager v2.3 - Cross-Site Request Forgery (Add Admin) # Date: 11-11-2019 # Exploit Author: Ismail Tasdelen # Vendor Homepage: http://fairsketch.com/ # Software Link : https://codecanyon.net/item/rise-ultimate-project-manager/15455641 # Software : RISE - Ultimate Project Manager # Product Version: Version 2.3 # Vulernability Type : Cross-Site Request Forgery # Vulenrability : Cross-Site Request Forgery (Add Admin) # CVE : CVE-2019-18884 # index.php/team_members/add_team_member in RISE Ultimate Project Manager v2.3 has CSRF for adding authorized users. # CSRF PoC :