Title: SOCA Access Control System 180612 CSRF Add Admin Exploit Advisory ID: ZSL-2019-5520 Type: Local/Remote Impact: Cross-Site Scripting Risk: 3/5 Release Date: 13.05.2019 Vendor: SOCA Technology Co., Ltd - Affected Version: 180612, 170000, 141007 Tested On: - Windows NT 6.1 build 7601 (Windows 7 Service Pack 1) i586 - Windows NT 6.2 build 9200 (Windows Server 2012 Standard Edition) i586 - Apache/2.2.22 (Win32) - PHP/5.4.13 PoC: soca_csrf.txt Credits: Vulnerability discovered by Gjoko Krstic - References: 1. 2. 3. 4.