mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
871 B
871 B
CVE-2024-35475
Description
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands.
POC
Reference
- https://github.com/carsonchan12345/CVE-2024-35475
- https://github.com/carsonchan12345/OpenKM-CSRF-PoC