| Title | SourceCodester Diary App 1.0 Cross Site Request Forgery |
|---|---|
| Description | A Cross-Site Request Forgery (CSRF) vulnerability exists in the SourceCodester Diary App in diary.php. The application performs a state-changing action via the GET parameter `delete` without implementing CSRF protection. An attacker can craft a malicious webpage that triggers the following request when visited by an authenticated user: `/diary_app/diary-app/diary.php?delete=<id>` This allows attackers to delete diary entries without the user's consent. |
| Source | ⚠️ https://gist.github.com/Mohdanass/50a525ba0a72e10fda85f0db11eeed92 |
| User | Anas22335 (UID 96357) |
| Submission | 2026-03-11 04:42 PM (22 days ago) |
| Moderation | 2026-03-27 09:49 AM (16 days later) |
| Status | Accepted |
| VulDB Entry | 353855 [SourceCodester Diary App 1.0 diary.php Cross-Site Request Forgery] |
| Points | 20 |