Submit #491600: webkul qloapps 1.6.1 Cross-Site Request Forgery

Information

Title: webkul qloapps 1.6.1 Cross-Site Request Forgery
Description: The QloApps application is vulnerable to a Cross-Site Request Forgery (CSRF) attack via the logout functionality. By submitting a specially crafted URL, an attacker can force a user to log out without their knowledge or consent. This can be triggered by visiting a malicious webpage, causing the user to be immediately logged out. This vulnerability exposes users to potential Denial of Service (DoS), admin disruption, and manipulation of login sessions, especially for authenticated users or administrators.
Source: ⚠️ https://github.com/mano257200/qloapps-csrf-logout-vulnerability
User: Mahendravarman (UID 80955)
Submission: 29.01.2025 20:47 (1 year ago)
Moderation: 06.02.2025 07:59 (7 days later)
Status: Accepted
VulDB Entry: 294834 [Webkul QloApps 1.6.1 URL /en/?mylogout cross-site request forgery]
Points: 20
