# Exploit Title: Simple CRM 3.0 - 'Change user information' Cross-Site Request Forgery (CSRF)
# Date: 20/06/2021
# Exploit Author: Riadh Benlamine (rbn0x00)
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/small-crm-php/
# Version: 3.0
# Category: Webapps
# Tested on: Apache2+MariaDB latest version
# Description:
Simple CRM suffers from cross-site request forgery: an attacker can manipulate user data by getting a user to visit a suspicious URL.

Vulnerable page: /crm/profile.php

POC:

----
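
A mitigation for the issue described above, as an added example that is not part of the original advisory and is not the vendor's code: a per-session synchronizer token checked before a profile-update handler changes any user data. It assumes the profile form is submitted by POST and that PHP 7.3 or later is in use; the field name `csrf_token` and the functions `csrf_issue_token` and `csrf_token_valid` are hypothetical names chosen for illustration.

```php
<?php
// Added example (hypothetical names): CSRF guard for a profile-update page.

// Return the session's CSRF token, creating it on first use.
function csrf_issue_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random value
    }
    return $_SESSION['csrf_token'];
}

// True only when both values are non-empty strings and match.
// hash_equals compares in constant time; the type checks reject
// array-valued parameters such as csrf_token[]=x.
function csrf_token_valid($expected, $submitted): bool
{
    return is_string($expected) && $expected !== ''
        && is_string($submitted)
        && hash_equals($expected, $submitted);
}

// SameSite=Lax keeps the session cookie off cross-site POSTs in
// browsers that support it; the token check remains the primary control.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $expected  = $_SESSION['csrf_token'] ?? null;
    $submitted = $_POST['csrf_token'] ?? null;
    if (!csrf_token_valid($expected, $submitted)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // The existing profile update logic runs only past this point.
}

$token = csrf_issue_token();
?>
<form method="post">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
  <!-- existing profile fields go here -->
</form>
```

A request forged from another site cannot read the token from the victim's session, so it fails the check with a 403 before any data is modified.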