pybbs <=6.0.0 CSRFالمعلومات

عنوان	atjiu https://github.com/atjiu/pybbs <=6.0.0 CSRF
الوصف	In the latest version (v6.0.0) of PyBBS, no any CSRF protection, the endpoint /admin/user/edit is used for admin user to modify user's information, such as password, email, bio, etc, all the parameters can be predicted, it allows attacker launch CSRF attacks, thus changing user's information.
المصدر	⚠️ https://github.com/atjiu/pybbs/issues/211
المستخدم	ZAST.AI (UID 87884)
ارسال	25/07/2025 09:57 AM (9 أشهر منذ)
الاعتدال	09/08/2025 02:35 PM (15 days later)
الحالة	تمت الموافقة
إدخال VulDB	319343 [atjiu pybbs حتى 6.0.0 CookieUtil.java setCookie تزوير طلبات عبر المواقع]
النقاط	17

Do you want to use VulDB in your project?

Use the official API to access entries easily!