pybbs <=6.0.0 CSRFजानकारी

शीर्षक	atjiu https://github.com/atjiu/pybbs <=6.0.0 CSRF
विवरण	In the latest version (v6.0.0) of PyBBS, no any CSRF protection, the endpoint /admin/user/edit is used for admin user to modify user's information, such as password, email, bio, etc, all the parameters can be predicted, it allows attacker launch CSRF attacks, thus changing user's information.
स्रोत	⚠️ https://github.com/atjiu/pybbs/issues/211
उपयोगकर्ता	ZAST.AI (UID 87884)
सबमिशन	25/07/2025 09:57 AM (9 महीनों पहले)
संयम	09/08/2025 02:35 PM (15 days later)
स्थिति	स्वीकृत
VulDB प्रविष्टि	319343 [atjiu pybbs तक 6.0.0 CookieUtil.java setCookie क्रॉस साइट रिक्वेस्ट फॉर्जरी]
अंक	17

Want to stay up to date on a daily basis?

Enable the mail alert feature now!