CSRF to RCE on Backdrop CMS 120 This PoC describe how to exploit CSRF on Backdrop CMS Version 120 with escalation to RCE ## CVE ID CVE-2021-45268 Description The Backdrop CMS version 120 allows plugins to be added via ZIP files uploaded to the site And because it does not have anti-CSRF protection, it is possible for an attacker to create a plugin with a file that allows e