Online Grading System 1.0 CSRF

    Disclosure date: 10/22/19

    CVE-2019-18280

    Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

    The users page:





    Malicious page: 





    The outcome:






    © 2020 sevenlayers.com