Submission #622334: atjiu https://github.com/atjiu/pybbs <=6.0.0 CSRF

Title: atjiu https://github.com/atjiu/pybbs <=6.0.0 CSRF
Description: In the latest version (v6.0.0) of PyBBS there is no CSRF protection at all. The endpoint /admin/user/edit is used by admin users to modify a user's information, such as password, email, bio, etc. All of the parameters can be predicted, which allows an attacker to launch CSRF attacks and thus change a user's information.
Source: https://github.com/atjiu/pybbs/issues/211
User: ZAST.AI (UID 87884)
Submitted: 2025-07-25 09:57 (9 months ago)
Moderated: 2025-08-09 14:35 (15 days later)
Status: Accepted
VulDB Entry: 319343 [atjiu pybbs up to 6.0.0 CookieUtil.java setCookie cross-site request forgery]
Points: 17
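The description above turns on one condition: every parameter of /admin/user/edit is predictable, so a page on an attacker's site can auto-submit a form that the victim admin's browser completes with the victim's cookie. The Python sketch below is an added example, not pybbs code (pybbs is a Java project) and not written by the submitter. It models the endpoint as a small request handler and shows the two server-side checks that would have stopped the forged request: a per-session synchronizer token that a cross-site page cannot know, compared in constant time, plus an Origin/Referer check, with a SameSite attribute on the session cookie as defence in depth. The field names (username, email, password, _csrf), the site origin https://forum.example and the in-memory session store are assumptions made for the demo; the advisory names the endpoint but not its parameters.

```python
import hmac
import secrets
from urllib.parse import urlparse

# Assumed values: the advisory names the endpoint but not the parameter names
# or the site's origin.
PROTECTED_PATH = "/admin/user/edit"
SITE_ORIGIN = "https://forum.example"

# Constructed in-memory session store: session id -> session data.
SESSIONS = {}


def new_session(username):
    """Create a logged-in session carrying a fresh, unguessable CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": username, "csrf": secrets.token_urlsafe(32)}
    return sid


def session_cookie_header(sid):
    """Set-Cookie line for the session cookie. SameSite=Lax makes the browser
    omit the cookie from a cross-site POST, so the forged request arrives
    unauthenticated even before the token check runs."""
    return f"Set-Cookie: sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


def check_origin(headers):
    """Allow a state-changing request only if Origin (or, failing that, the
    Referer's origin) is our own site."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        p = urlparse(referer)
        origin = f"{p.scheme}://{p.netloc}"
    return origin == SITE_ORIGIN


def handle_admin_user_edit(request):
    """request is a dict: {"method", "path", "headers", "cookies", "form"}.
    Returns (status, message). The edit is applied only when the request
    carries the session's own token and comes from our origin."""
    if request["path"] != PROTECTED_PATH or request["method"] != "POST":
        return 404, "not found"
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401, "no session"
    token = request["form"].get("_csrf", "")
    # Constant-time compare. The token is the one field an attacker's page
    # cannot predict, which is what the predictable-parameters attack lacks.
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403, "csrf token missing or wrong"
    if not check_origin(request["headers"]):
        return 403, "cross-site origin"
    return 200, f"updated {request['form'].get('username')}"


def demo():
    """A legitimate admin edit next to the forged cross-site POST the advisory
    describes; returns the two HTTP status codes."""
    sid = new_session("admin")
    csrf = SESSIONS[sid]["csrf"]
    # Constructed form fields (hypothetical names).
    fields = {"username": "alice", "email": "attacker@example.net", "password": "pwned"}
    legit = {
        "method": "POST", "path": PROTECTED_PATH,
        "headers": {"Origin": SITE_ORIGIN},
        "cookies": {"sid": sid},
        "form": {**fields, "_csrf": csrf},
    }
    # Attacker's auto-submitting form: the browser attaches the victim's
    # cookie, but the Origin is the attacker's site and the token is a guess.
    forged = {
        "method": "POST", "path": PROTECTED_PATH,
        "headers": {"Origin": "https://evil.example"},
        "cookies": {"sid": sid},
        "form": {**fields, "_csrf": "guess"},
    }
    return handle_admin_user_edit(legit)[0], handle_admin_user_edit(forged)[0]


if __name__ == "__main__":
    print(demo())  # (200, 403)
    print(session_cookie_header("example-session-id"))
```

The token check alone is sufficient against the attack in the description; the Origin check and the SameSite attribute are independent layers, so a gap in one (for instance an old browser that ignores SameSite, or a proxy that strips Origin) does not reopen the endpoint.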
