| Title | SourceCodester Diary App 1.0 Cross Site Request Forgery |
|---|---|
| Description | A Cross-Site Request Forgery (CSRF) vulnerability exists in the SourceCodester Diary App in diary.php. The application performs a state-changing action via the GET parameter `delete` without implementing CSRF protection. An attacker can craft a malicious webpage that triggers the following request when visited by an authenticated user: `/diary_app/diary-app/diary.php?delete=<id>`. This allows attackers to delete diary entries without the user's consent. |
| Source | https://gist.github.com/Mohdanass/50a525ba0a72e10fda85f0db11eeed92 |
| User | Anas22335 (UID 96357) |
| Submission | 11/03/2026 16:42 (21 days ago) |
| Moderation | 27/03/2026 09:49 (16 days later) |
| Status | Accepted |
| VulDB entry | 353855 [SourceCodester Diary App 1.0 diary.php Cross-Site Request Forgery] |
| Points | 20 |