| Название | PHPGurukul Complaint Management System 2.0 Cross-Site Request Forgery |
|---|
| Описание | A Cross-Site Request Forgery (CSRF) vulnerability exists in the Complaint Management System V2.0.
Source code address:https://phpgurukul.com/complaint-management-sytem/
The backend lacks any defensive measures against CSRF, such as CSRF tokens or HTTP Referer verification. If the victim is an administrator or privileged user, the consequences may include gaining complete control over the web application, such as deleting or modifying data.
We give an example. Deleting a user also deletes related complaints submitted by the user, severely compromises the integrity and availability of the system. |
|---|
| Источник | ⚠️ https://github.com/N1n3b9S/cve/issues/8 |
|---|
| Пользователь | Anonymous User |
|---|
| Представление | 16.07.2025 09:26 (9 месяцы назад) |
|---|
| Модерация | 18.07.2025 21:20 (2 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 316938 [PHPGurukul Complaint Management System 2.0 подделка межсайтовых запросов] |
|---|
| Баллы | 20 |
|---|