vulnerability cross site request forgery (csrf)
severity 6.8
language php
registry other


The latest version of Bludit is vulnerable to a CSRF attack which allows a user to change the Activated Theme by sending a precrafted code to to the Admin


1:Download Bludit from 2:Extract the zipfile to an Apache Server
3:Enter the required Details and Login as Admin Save the below Code as HTML

<form method="GET" action="http://localhost/bludit-master/admin/install-theme/alternative">
<input type="submit" >

There are two default Themes which are Alternative and BlogX if the admin clicks the submit button when the them BlogX is activated then the activated theme changes