| 제목 | Bdtask Sales ERP Software Latest version as of 2025-10-16 Cross-Site Request Forgery (CSRF) |
|---|
| 설명 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the user profile update functionality of Sales ERP Software. The application fails to implement anti-CSRF tokens in the /dashboard/home/update_profile endpoint. This allows an attacker to craft a malicious webpage that, when visited by an authenticated user (e.g., an administrator), will forge and submit a request to change the user's profile details, such as their email address. Successful exploitation can lead to account takeover by allowing the attacker to initiate a password reset for the compromised account. |
|---|
| 원천 | ⚠️ https://github.com/4m3rr0r/PoCVulDb/issues/1 |
|---|
| 사용자 | 4m3rr0r (UID 85795) |
|---|
| 제출 | 2025. 10. 29. PM 02:24 (8 개월 ago) |
|---|
| 모더레이션 | 2025. 11. 14. PM 12:01 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 332467 [Bdtask/CodeCanyon SalesERP 까지 20250728 교차 사이트 요청 위조] |
|---|
| 포인트들 | 20 |
|---|