| शीर्षक | Bdtask Sales ERP Software Latest version as of 2025-10-16 Cross-Site Request Forgery (CSRF) |
|---|
| विवरण | A Cross-Site Request Forgery (CSRF) vulnerability exists in the user profile update functionality of Sales ERP Software. The application fails to implement anti-CSRF tokens in the /dashboard/home/update_profile endpoint. This allows an attacker to craft a malicious webpage that, when visited by an authenticated user (e.g., an administrator), will forge and submit a request to change the user's profile details, such as their email address. Successful exploitation can lead to account takeover by allowing the attacker to initiate a password reset for the compromised account. |
|---|
| स्रोत | ⚠️ https://github.com/4m3rr0r/PoCVulDb/issues/1 |
|---|
| उपयोगकर्ता | 4m3rr0r (UID 85795) |
|---|
| सबमिशन | 29/10/2025 02:24 PM (8 महीनों पहले) |
|---|
| संयम | 14/11/2025 12:01 PM (16 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 332467 [Bdtask/CodeCanyon SalesERP तक 20250728 क्रॉस साइट रिक्वेस्ट फॉर्जरी] |
|---|
| अंक | 20 |
|---|