# Exploit Title: A CSRF vulnerability exists in BEESCMS_V4.0: The administrator can be added arbitrarily. # Date: 2018-06-25 # Exploit Author: bay0net # Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9226389.html # Software Link: http://www.beescms.com/ # Version: BEESCMS - V4.0 # CVE : CVE-2018-12739 A CSRF vulnerability exists in BEESCMS_V4.0: The administrator can be added arbitrarily. The payload for attack is as follows.