| Title | Online Pizza Ordering System has CSRF vulnerability |
|---|
| Description | BUG_Author: Murasaki
URL:http://localhost/php-opos/admin/ajax.php?action=save_user
Link:https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html
There is a CSRF vulnerability in the Online Pizza Ordering System v1.0.
When the administrator is logged in, open the created JS script file to complete the operation of adding an administrator.When the administrator is logged in, open the specified JS script file to complete a series of operations that require permissions, such as adding an administrator.
The CSRF vulnerability can complete various permission operations in the background when combined with the stored XSS vulnerability, which seriously affects business processes and permission management. |
|---|
| Source | ⚠️ https://github.com/1MurasaKi/PizzaCSRF_report/tree/main/vender/Online%20Pizza%20Ordering%20System |
|---|
| User | Murasaki (ID 41555) |
|---|
| Submission | 22/02/2023 02h49 (1 Year ago) |
|---|
| Moderation | 23/02/2023 16h20 (2 days later) |
|---|
| Status | Aceite |
|---|
| VulDB Entry | 221681 |
|---|