| Title | code-projects Simple Car Rental System 1.0 Cross-Site Request Forgery |
|---|---|
| Description | A Cross-Site Request Forgery (CSRF) vulnerability was found in /admin/delete_car.php. The operation to delete a car (which sends the purchased vehicle to the customer) lacks a protective mechanism, such as a CSRF token, to validate the request's authenticity. If an authenticated administrator is tricked into visiting a malicious webpage, an attacker can forge a request to this endpoint. This would cause the administrator's browser to execute the delete action without their knowledge or consent, leading to the unauthorized manipulation or deletion of vehicle data. |
| Source | ⚠️ https://github.com/i-Corner/cve/issues/12 |
| User | iC0rner (UID 82839) |
| Submission | 28.07.2025 14:20 (11 months ago) |
| Moderation | 30.07.2025 10:18 (2 days later) |
| Status | Accepted |
| VulDB entry | 318285 [code-projects Simple Car Rental System 1.0 Cross Site Request Forgery] |
| Points | 20 |