pybbs <=6.0.0 CSRF정보

제목	atjiu https://github.com/atjiu/pybbs <=6.0.0 CSRF
설명	In the latest version (v6.0.0) of PyBBS, no any CSRF protection, the endpoint /admin/user/edit is used for admin user to modify user's information, such as password, email, bio, etc, all the parameters can be predicted, it allows attacker launch CSRF attacks, thus changing user's information.
원천	⚠️ https://github.com/atjiu/pybbs/issues/211
사용자	ZAST.AI (UID 87884)
제출	2025. 07. 25. AM 09:57 (9 개월 ago)
모더레이션	2025. 08. 09. PM 02:35 (15 days later)
상태	수락
VulDB 항목	319343 [atjiu pybbs 까지 6.0.0 CookieUtil.java setCookie 교차 사이트 요청 위조]
포인트들	17

Do you want to use VulDB in your project?

Use the official API to access entries easily!