CVEs-PoC/2018/CVE-2018-6288.md

### [CVE-2018-6288](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6288)
![](https://img.shields.io/static/v1?label=Product&message=Kaspersky%20Secure%20Mail%20Gateway&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Request%20Forgery%20leading%20to%20Administrative%20account%20takeover&color=brighgreen)

### Description

Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1.

### POC

#### Reference
- https://support.kaspersky.com/vulnerability.aspx?el=12430#010218
- https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities

#### Github
- https://github.com/lean0x2F/lean0x2f.github.io