| Title | SourceCodester Diary App 1.0 Cross Site Request Forgery |
|---|---|
| Description | A Cross-Site Request Forgery (CSRF) vulnerability exists in the SourceCodester Diary App in diary.php. The application performs a state-changing action via the GET parameter `delete` without implementing CSRF protection. An attacker can craft a malicious webpage that triggers the following request when visited by an authenticated user: `/diary_app/diary-app/diary.php?delete=<id>` This allows attackers to delete diary entries without the user's consent. |
| Source | ⚠️ https://gist.github.com/Mohdanass/50a525ba0a72e10fda85f0db11eeed92 |
| User | Anas22335 (UID 96357) |
| Submission | 11.03.2026 16:42 (25 days ago) |
| Moderation | 27.03.2026 09:49 (16 days later) |
| Status | accepted |
| VulDB entry | 353855 [SourceCodester Diary App 1.0 diary.php cross-site request forgery] |
| Points | 20 |