| Title | Mindskip xzs-mysql 3.9.0 Cross-Site Request Forgery |
|---|
| Description | Mindskip xzs-mysql 3.9.0 lacks cross-site request forgery (CSRF) protection throughout the application. This allows an attacker to trick an authenticated user into performing arbitrary state modification requests, such as submitting exam answers without the user's consent. The lack of CSRF tokens in requests leaves the application highly susceptible to exploitation. |
|---|
| Source | ⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/xzs-mysql/CrossSiteRequestForgery-Multiple.md |
|---|
| User | vastzero (UID 78767) |
|---|
| Submission | 01/26/2025 10:51 (1 Year ago) |
|---|
| Moderation | 02/06/2025 15:26 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 294860 [Mindskip xzs-mysql 学之思开源考试系统 3.9.0 cross-site request forgery] |
|---|
| Points | 18 |
|---|