| Title | code-projects Simple Car Rental System 1.0 Cross-Site Request Forgery |
|---|---|
| Description | A Cross-Site Request Forgery (CSRF) vulnerability was found in /admin/delete_car.php. The operation to delete a car (which sends the purchased vehicle to the customer) lacks a protective mechanism, such as a CSRF token, to validate the request's authenticity. If an authenticated administrator is tricked into visiting a malicious webpage, an attacker can forge a request to this endpoint. This would cause the administrator's browser to execute the delete action without their knowledge or consent, leading to the unauthorized manipulation or deletion of vehicle data. |
| Source | https://github.com/i-Corner/cve/issues/12 |
| User | iC0rner (UID 82839) |
| Submission | 28/07/2025 14:20 (11 months ago) |
| Moderation | 30/07/2025 10:18 (2 days later) |
| Status | Accepted |
| VulDB Entry | 318285 [code-projects Simple Car Rental System 1.0 cross site request forgery] |
| Points | 20 |