cve/2024/CVE-2024-35475.md

CVE-2024-35475

Description

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in OpenKM Community Edition on or before version 6.3.12. The vulnerability exists in /admin/DatabaseQuery, which allows an attacker to manipulate a victim with administrative privileges to execute arbitrary SQL commands.

POC

Reference

• https://github.com/carsonchan12345/CVE-2024-35475
• https://github.com/carsonchan12345/CVE-2024-35475
• https://github.com/carsonchan12345/OpenKM-CSRF-PoC
• https://github.com/carsonchan12345/OpenKM-CSRF-PoC

Github

• https://github.com/carsonchan12345/CVE-2024-35475
• https://github.com/nomi-sec/PoC-in-GitHub