| Titel | SourceCodester Computer Laboratory Management System (PHP LMS) 1.0 Cross-Site Request Forgery |
|---|
| Beschreibung | A Cross-Site Request Forgery (CSRF) vulnerability exists in the PHP LMS application.
The application does not implement CSRF protection on state-changing requests handled by the save_users function in classes/Users.php.
The endpoint POST /classes/Users.php?f=save processes account modification requests without validating a CSRF token or verifying request origin.
An attacker can craft a malicious webpage that, when visited by an authenticated administrator, triggers unauthorized administrator account modification.
This can lead to administrative account takeover and full compromise of the application. |
|---|
| Quelle | ⚠️ https://gist.github.com/richardaugustine/618db4846b5ea60344721c716ef31b4e |
|---|
| Benutzer | Richardaugustine (UID 95966) |
|---|
| Einreichung | 27.02.2026 06:14 (vor 1 Monat) |
|---|
| Moderieren | 07.03.2026 21:57 (9 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 349748 [SourceCodester Computer Laboratory Management System 1.0 Cross Site Request Forgery] |
|---|
| Punkte | 20 |
|---|