VYPR
Medium severity, score 4.3 · NVD Advisory · Published May 13, 2026 · Updated May 13, 2026

CVE-2020-37217

Description

Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add_user endpoint with POST requests containing username and password parameters to create new administrative accounts without explicit user consent.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Easy2Pilot 7 is vulnerable to CSRF allowing attackers to add unauthorized admin accounts by tricking authenticated administrators into visiting malicious pages.

Vulnerability

Overview

Easy2Pilot 7 contains a cross-site request forgery (CSRF) vulnerability in the admin.php?action=add_user endpoint. The application fails to implement anti-CSRF tokens or other validation mechanisms, allowing an attacker to craft a malicious HTML form that submits a POST request with username and password parameters to create a new administrative user [1][2].

Exploitation

An attacker can host a crafted HTML page (e.g., poc.html) that automatically submits the form when visited by an authenticated administrator. The attack requires no special privileges beyond tricking the admin into loading the page, typically via social engineering or by embedding the form in a trusted site [1]. The PoC code demonstrates a straightforward form targeting the vulnerable endpoint [1].

Impact

Successful exploitation allows the attacker to create a new administrative account without the administrator's consent. This grants the attacker full control over the Easy2Pilot application, including the ability to modify settings, access sensitive data, or perform further malicious actions [2].

Mitigation

As of the publication date, no official patch has been released. Administrators should implement CSRF protection, such as synchronizer tokens or same-site cookies, and restrict access to the admin.php interface. Additionally, users should be cautious of unsolicited links and consider using browser extensions that block automatic form submissions [2].
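The mitigation paragraph names synchronizer tokens and same-site cookies as the controls the add_user endpoint lacks. The following Python is an added illustration of how such a check is structured, written for this page; it is not Easy2Pilot's code (the product is PHP and its source is not reproduced here). The Session and Request classes, the SITE_ORIGIN value, the cookie name and the sample requests are all constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed stand-ins for the application's session and HTTP request.
# The real admin.php session layout is not known from the advisory.
@dataclass
class Session:
    user: str
    csrf_token: Optional[str] = None

@dataclass
class Request:
    method: str
    path: str
    origin: Optional[str]            # Origin header; None when the browser omits it
    form: Dict[str, str] = field(default_factory=dict)

SITE_ORIGIN = "https://easy2pilot.example"   # assumed deployment origin
ADD_USER_PATH = "admin.php?action=add_user"  # endpoint named in the advisory

def issue_token(session: Session) -> str:
    """Synchronizer token: one unguessable secret per session, reused for every
    admin form in that session and compared on each state-changing POST."""
    if session.csrf_token is None:
        session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token

def render_add_user_form(session: Session) -> str:
    """Every form that posts to add_user carries the session token as a hidden
    field; a form hosted on another site cannot read it."""
    token = issue_token(session)
    return (
        f'<form method="POST" action="/{ADD_USER_PATH}">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="username"><input name="password" type="password">'
        '<button>Add user</button></form>'
    )

def session_cookie_header(session_id: str) -> str:
    """Cookie attributes for the admin session. SameSite=Lax stops the browser
    attaching the cookie to a cross-site POST, which is the second control the
    advisory mentions. Cookie name is an assumption."""
    return f"Set-Cookie: e2p_session={session_id}; Secure; HttpOnly; SameSite=Lax"

def verify_add_user(session: Session, req: Request) -> Tuple[bool, str]:
    """Server-side gate that add_user must pass before creating an account."""
    if req.method != "POST":
        return False, "method not allowed"
    if req.path != ADD_USER_PATH:
        return False, "wrong endpoint"
    # Browsers send Origin on cross-site POSTs; a mismatch is a cheap early reject.
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return False, "cross-site Origin header"
    submitted = req.form.get("csrf_token", "")
    # Constant-time compare so the token cannot be guessed byte by byte.
    if session.csrf_token is None or not hmac.compare_digest(submitted, session.csrf_token):
        return False, "missing or invalid CSRF token"
    if not req.form.get("username") or not req.form.get("password"):
        return False, "username and password required"
    return True, "ok"

def run_demo() -> Dict[str, bool]:
    """Constructed scenarios: the admin's own form, and a form submitted from
    an attacker-controlled page as the advisory describes."""
    admin = Session(user="admin")
    token = issue_token(admin)
    legitimate = Request("POST", ADD_USER_PATH, SITE_ORIGIN,
                         {"csrf_token": token, "username": "ops", "password": "s3cret"})
    cross_site = Request("POST", ADD_USER_PATH, "https://attacker.example",
                         {"username": "backdoor", "password": "x"})
    no_origin = Request("POST", ADD_USER_PATH, None,
                        {"username": "backdoor", "password": "x"})
    return {
        "legitimate": verify_add_user(admin, legitimate)[0],
        "cross_site_form": verify_add_user(admin, cross_site)[0],
        "cross_site_no_origin": verify_add_user(admin, no_origin)[0],
    }

if __name__ == "__main__":
    for name, allowed in run_demo().items():
        print(f"{name}: {'account created' if allowed else 'rejected'}")
```

The Origin check and the SameSite cookie are defence in depth; the synchronizer token is the control that closes the hole on its own, because a page on another origin can neither read the token from the admin's form nor forge a value that survives the constant-time comparison.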

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

No patches discovered yet.

References
