| Title | atjiu https://github.com/atjiu/pybbs <=6.0.0 CSRF |
|---|
| Description | In the latest version (v6.0.0) of PyBBS, no any CSRF protection, the endpoint /admin/user/edit is used for admin user to modify user's information, such as password, email, bio, etc, all the parameters can be predicted, it allows attacker launch CSRF attacks, thus changing user's information. |
|---|
| Source | ⚠️ https://github.com/atjiu/pybbs/issues/211 |
|---|
| User | ZAST.AI (UID 87884) |
|---|
| Submission | 07/25/2025 09:57 (9 months ago) |
|---|
| Moderation | 08/09/2025 14:35 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 319343 [atjiu pybbs up to 6.0.0 CookieUtil.java setCookie cross-site request forgery] |
|---|
| Points | 17 |
|---|