Submit #491600: webkul qloapps 1.6.1 Cross-Site Request Forgery
Info

Title: webkul qloapps 1.6.1 Cross-Site Request Forgery
Description: The QloApps application is vulnerable to a Cross-Site Request Forgery (CSRF) attack via the logout functionality. By submitting a specially crafted URL, an attacker can force a user to log out without their knowledge or consent. This can be triggered by visiting a malicious webpage, causing the user to be immediately logged out. This vulnerability exposes users to potential Denial of Service (DoS), admin disruption, and manipulation of login sessions, especially for authenticated users or administrators.
Source: ⚠️ https://github.com/mano257200/qloapps-csrf-logout-vulnerability
User: Mahendravarman (UID 80955)
Submission: 29/01/2025 08:47 PM (1 year ago)
Moderation: 06/02/2025 07:59 AM (7 days later)
Status: Accepted
VulDB Entry: 294834 [Webkul QloApps 1.6.1 URL /en/?mylogout cross-site request forgery]
Points: 20
