Submit #489644: Mindskip xzs-mysql 3.9.0 Cross-Site Request Forgeryinfo

Title	Mindskip xzs-mysql 3.9.0 Cross-Site Request Forgery
Description	Mindskip xzs-mysql 3.9.0 lacks cross-site request forgery (CSRF) protection throughout the application. This allows an attacker to trick an authenticated user into performing arbitrary state modification requests, such as submitting exam answers without the user's consent. The lack of CSRF tokens in requests leaves the application highly susceptible to exploitation.
Source	⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/xzs-mysql/CrossSiteRequestForgery-Multiple.md
User	vastzero (UID 78767)
Submission	01/26/2025 10:51 AM (5 months ago)
Moderation	02/06/2025 03:26 PM (11 days later)
Status	Accepted
VulDB Entry	294860 [Mindskip xzs-mysql 学之思开源考试系统 3.9.0 cross-site request forgery]
Points	18

Want to stay up to date on a daily basis?

Enable the mail alert feature now!