Submeter #491600: webkul qloapps 1.6.1 Cross-Site Request Forgeryinformação

Títulowebkul qloapps 1.6.1 Cross-Site Request Forgery
DescriçãoThe QloApps application is vulnerable to a Cross-Site Request Forgery (CSRF) attack via the logout functionality. By submitting a specially crafted URL, an attacker can force a user to log out without their knowledge or consent. This can be triggered by visiting a malicious webpage, causing the user to be immediately logged out. This vulnerability exposes users to potential Denial of Service (DoS), admin disruption, and manipulation of login sessions, especially for authenticated users or administrators.
Fonte⚠️ https://github.com/mano257200/qloapps-csrf-logout-vulnerability
Utilizador
 Mahendravarman (UID 80955)
Submissão29/01/2025 20h47 (há 1 Ano)
Moderação06/02/2025 07h59 (7 days later)
EstadoAceite
Entrada VulDB294834 [Webkul QloApps 1.6.1 URL /en/?mylogout Falsificação de Pedido entre Sites]
Pontos20

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!