Submit #491600: webkul qloapps 1.6.1 Cross-Site Request Forgery (Info)

Title: webkul qloapps 1.6.1 Cross-Site Request Forgery
Description: The QloApps application is vulnerable to a Cross-Site Request Forgery (CSRF) attack via the logout functionality. By submitting a specially crafted URL, an attacker can force a user to log out without their knowledge or consent. This can be triggered by visiting a malicious webpage, causing the user to be immediately logged out. This vulnerability exposes users to potential Denial of Service (DoS), admin disruption, and manipulation of login sessions, especially for authenticated users or administrators.
Source: ⚠️ https://github.com/mano257200/qloapps-csrf-logout-vulnerability
User: Mahendravarman (UID 80955)
Submitted: 2025-01-29 20:47 (1 year ago)
Moderation: 2025-02-06 07:59 (7 days later)
Status: Accepted
VulDB Entry: 294834 [Webkul QloApps 1.6.1 URL /en/?mylogout cross-site request forgery]
Points: 20
