Submit #92954: Online Pizza Ordering System has CSRF vulnerabilityinfo

TitleOnline Pizza Ordering System has CSRF vulnerability
DescriptionBUG_Author: Murasaki URL:http://localhost/php-opos/admin/ajax.php?action=save_user Link:https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html There is a CSRF vulnerability in the Online Pizza Ordering System v1.0. When the administrator is logged in, open the created JS script file to complete the operation of adding an administrator.When the administrator is logged in, open the specified JS script file to complete a series of operations that require permissions, such as adding an administrator. The CSRF vulnerability can complete various permission operations in the background when combined with the stored XSS vulnerability, which seriously affects business processes and permission management.
Source⚠️ https://github.com/1MurasaKi/PizzaCSRF_report/tree/main/vender/Online%20Pizza%20Ordering%20System
UserMurasaki (ID 41555)
Submission02/22/2023 02:49 (1 Year ago)
Moderation02/23/2023 16:20 (2 days later)
Accepted
Accepted
VulDB EntryVDB-221681

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!