CVE-2021-34167
Description
Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSRF vulnerability in taoCMS 3.0.2 allows attackers to add admin accounts or change passwords without authentication.
Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in taoCMS version 3.0.2. The admin/admin.php endpoint does not implement any anti-CSRF tokens, allowing an attacker to forge requests on behalf of an authenticated administrator. The issue is documented in the project's issue tracker [1].
Exploitation
An attacker must trick a logged-in administrator into visiting a malicious HTML page. The page contains JavaScript that automatically submits a POST request to admin/admin.php with parameters to either add a new administrator account (with fields name, passwd, auth_level, etc.) or change the current administrator's password (with fields pwd, action, ctrl). No user interaction beyond visiting the page is required [1].
Impact
Successful exploitation allows the attacker to create a new administrator account with full privileges or change the existing administrator's password. This results in complete compromise of the taoCMS installation, including unauthorized access to administrative functions and data [1].
Mitigation
As of the publication date, the vendor has released no official patch or fixed version for taoCMS 3.0.2. Administrators should implement CSRF protection, such as including a unique per-session token in each form and verifying it on the server side before any state-changing action, or consider migrating to a maintained alternative. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog.
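The synchronizer-token protection recommended above, written out as an added PHP example for an admin form of the kind described (this is not taoCMS code; the helper names csrf_token, csrf_field and csrf_verify, the session key, and the form fields are assumptions for illustration). A forged cross-site request cannot read the victim's session-bound token, so it fails the server-side check before any privileged action runs.

```php
<?php
// Added example (not taoCMS code): synchronizer-token CSRF protection
// for a state-changing admin form. Helper names are hypothetical.

// Bind the session cookie to same-site navigations as a second layer.
// 'secure' assumes the admin interface is served over HTTPS.
session_set_cookie_params([
    'samesite' => 'Lax',
    'httponly' => true,
    'secure'   => true,
]);
session_start();

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random token
    }
    return $_SESSION['csrf_token'];
}

// Hidden input to embed in every form that changes state.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Verify the submitted token against the session in constant time.
function csrf_verify(): bool
{
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== ''
        && is_string($sent)
        && hash_equals($expected, $sent);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_verify()) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    // Token is valid: only now perform the privileged action
    // (e.g. update the administrator's password from $_POST['pwd']).
}
?>
<!-- Every state-changing form carries the token as a hidden field. -->
<form method="post" action="admin.php">
  <?= csrf_field() ?>
  <label>New password <input type="password" name="pwd"></label>
  <input type="hidden" name="action" value="change_password">
  <button type="submit">Save</button>
</form>
```

The check must run for every request that modifies state (adding accounts, changing passwords, changing privilege levels), not only on the form shown; the SameSite cookie attribute is a useful additional layer but is not a substitute for the token, since older browsers and some cross-site navigations do not honour it uniformly.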
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
taoCMS/taoCMS
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.