| Title | https://gitee.com/technical-laohu/mpay mpay v1.2.4 Cross-Site Request Forgery |
|---|
| Description | The deletion function of the account management of the mpay system in the latest version of v1.2.4 has a CSRF vulnerability,CSRF attacks can exploit the login status of users to perform malicious operations without the user's knowledge, resulting in serious consequences such as user information leakage, account tampering, or sensitive operations being accidentally triggered. |
|---|
| Source | ⚠️ https://github.com/bdkuzma/vuln/issues/18 |
|---|
| User | baihekuz (UID 84516) |
|---|
| Submission | 01/10/2026 05:31 AM (1 month ago) |
|---|
| Moderation | 01/18/2026 03:00 PM (8 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 341746 [technical-laohu mpay up to 1.2.4 cross-site request forgery] |
|---|
| Points | 20 |
|---|