Submit #333894: sourcecodester Simple Online Bidding System v1.0 CSRFinfo

Titlesourcecodester Simple Online Bidding System v1.0 CSRF
DescriptionSimple Online Bidding System 1.0 is vulnerable to /simple-online-bidding-system/admin/ajax.php?action=save_user unrestricted CSRF attack. The password change function does not have any Token restrictions. A malicious attacker could exploit this vulnerability to change the administrator password.
Source⚠️ https://github.com/Hefei-Coffee/cve/blob/main/csrf.md
UserHefei-Coffee (ID 68557)
Submission05/14/2024 02:40 PM (1 month ago)
Moderation05/15/2024 02:23 PM (24 hours later)
StatusAccepted
VulDB Entry264465

Do you need the next level of professionalism?

Upgrade your account now!