← back
CVE-2023-34927

CVE-2023-34927

EPSS 3.1%
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
Affected products
n/a · n/a
public PoCs found3
exploitdbwww.exploit-db.com/exploits/51961unverifiedexploitdbwww.exploit-db.com/exploits/52432unverifiedexploitdbwww.exploit-db.com/exploits/52439unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://casdoor.org/https://gist.github.com/omriman067/4e90a3a4ffa40984f011d8777a995469https://github.com/casdoor/casdoor/issues/1531