Wednesday, December 9, 2015

[FD] appRain 4.0.3: CSRF

Security Advisory - Curesec Research Team

1. Introduction

Affected Product:    appRain 4.0.3
Fixed in:            Fixed via optional module (CSRF Protection Module, http://ift.tt/1OTM6bA)
Vendor Contact:      info@apprain.com
Vulnerability Type:  CSRF
Remote Exploitable:  Yes
Reported to vendor:  10/02/2015
Disclosed to public: 12/02/2015
Release mode:        Coordinated release
CVE:                 requested, but not assigned
Credits:             Tim Coen of Curesec GmbH

2. Vulnerability Description

CVSS: Medium 5.1 AV:N/AC:L/Au:S/C:P/I:P/A:P
(Note: the vector as printed scores 6.5 under CVSSv2. A base score of 5.1 corresponds to AV:N/AC:H/Au:N/C:P/I:P/A:P, the vector usually used for CSRF, since the attacker needs no credentials of their own but does need the victim to visit a page under their control.)

Description:

None of the application's requests carry a CSRF token or any equivalent protection. An attacker who lures a logged-in administrator to an attacker-controlled website can therefore make the administrator's browser submit arbitrary state-changing requests to appRain, with the administrator's session cookie attached automatically, and so perform any administrative action: for example, creating a new administrator account or, through the built-in PHP file editor, writing code that runs on the server.

3. Proof of Concept

Add new Admin:
Code Execution (using the PHP file editor):
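
The advisory reports the absence of CSRF protection and points to the vendor's optional CSRF Protection Module as the fix, without reproducing either the appRain endpoints or the module's internals. The following Python is an added illustration of the class of fix, the synchronizer token, and is not code from the advisory, from Curesec or from appRain: an unprotected "add admin" handler that mirrors the finding sits beside a hardened one, and a simulated cross-site POST shows why the session cookie alone cannot distinguish the victim's own form submission from the attacker's. The session store, user names, cookie values and request dictionaries are constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time

# Per-deployment secret; a real application would load it from configuration (assumption).
SECRET_KEY = secrets.token_bytes(32)
TOKEN_MAX_AGE = 3600  # seconds a token stays valid

# Constructed state for the demo: session cookie -> user, and the set of admins.
SESSIONS = {"s3ss10n-admin": "alice", "s3ss10n-attacker": "mallory"}
ADMINS = {"alice"}


def _mac(session_id: str, ts: str, nonce: str) -> str:
    msg = f"{session_id}|{ts}|{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, now: float = None) -> str:
    """Token = ts.nonce.mac. The MAC binds it to the session, so a token the
    attacker harvests from their own session does not verify for the victim's."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return f"{ts}.{nonce}.{_mac(session_id, ts, nonce)}"


def verify_csrf_token(session_id: str, token, now: float = None) -> bool:
    """Accept only a well-formed, unexpired token whose MAC matches this session."""
    if not isinstance(token, str) or token.count(".") != 2:
        return False
    ts, nonce, mac = token.split(".")
    try:
        issued = int(ts)
    except ValueError:
        return False
    expected = _mac(session_id, ts, nonce)
    # Constant-time comparison: no timing side channel on the MAC.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    age = (time.time() if now is None else now) - issued
    return 0 <= age <= TOKEN_MAX_AGE


def add_admin_vulnerable(request: dict) -> str:
    """Mirrors the advisory's finding: the only check is the session cookie,
    which the browser attaches to a cross-site POST automatically."""
    user = SESSIONS.get(request["cookies"].get("session"))
    if user not in ADMINS:
        return "403 not an admin"
    ADMINS.add(request["form"]["username"])
    return "200 admin added"


def add_admin_protected(request: dict, now: float = None) -> str:
    """The same handler with a synchronizer-token check added."""
    session_id = request["cookies"].get("session")
    user = SESSIONS.get(session_id)
    if user not in ADMINS:
        return "403 not an admin"
    if not verify_csrf_token(session_id, request["form"].get("csrf_token"), now):
        return "403 missing or invalid CSRF token"
    ADMINS.add(request["form"]["username"])
    return "200 admin added"


def cross_site_post(session_cookie: str, form: dict) -> dict:
    """What the victim's browser sends when it renders the attacker's auto-submitting
    form: attacker-chosen fields plus the victim's own cookie. The same-origin policy
    stops the attacker reading a token out of the victim's admin pages, so the forged
    form cannot carry a valid one."""
    return {"cookies": {"session": session_cookie}, "form": dict(form)}


def demo() -> dict:
    results = {}
    forged = cross_site_post("s3ss10n-admin", {"username": "evil"})
    results["vulnerable"] = add_admin_vulnerable(forged)  # succeeds: cookie is enough
    ADMINS.discard("evil")  # reset for the following cases

    results["no_token"] = add_admin_protected(forged)  # rejected

    # The attacker logs in to their own account, harvests a token and replays it.
    harvested = issue_csrf_token("s3ss10n-attacker")
    results["wrong_session_token"] = add_admin_protected(
        cross_site_post("s3ss10n-admin", {"username": "evil", "csrf_token": harvested}))

    # Legitimate submission: the token was rendered into the admin's own form.
    good = issue_csrf_token("s3ss10n-admin", now=1000)
    results["legit"] = add_admin_protected(
        {"cookies": {"session": "s3ss10n-admin"},
         "form": {"username": "bob", "csrf_token": good}}, now=1500)

    # The same token after TOKEN_MAX_AGE has elapsed.
    results["expired"] = add_admin_protected(
        {"cookies": {"session": "s3ss10n-admin"},
         "form": {"username": "carol", "csrf_token": good}}, now=1000 + TOKEN_MAX_AGE + 1)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:20s} -> {outcome}")
```

Only the request that carries a token issued for the victim's own session within its lifetime succeeds; the forged POST, a token harvested from the attacker's session, and a stale token are all refused. Checking the Origin or Referer header and setting the session cookie with SameSite=Lax are useful additional layers, but the token check is the one that does not depend on browser behaviour.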