| Title | ajayrandhawa/User-Management-PHP-MYSQL web 1 Cross-Site Request Forgery |
|---|
| Description | This project has a CSRF vulnerability. After downloading the project and successfully deploying it locally, log in to the administrator account.
The operations of deleting users and changing user status are executed via GET requests, with no CSRF protection measures in place. Attackers can trick administrators into clicking malicious links to delete any user or modify the status of any user. |
|---|
| Source | ⚠️ https://github.com/Lianhaorui/Report/blob/main/CSRF-10.11.7z |
|---|
| User | lianhaorui (UID 91045) |
|---|
| Submission | 10/11/2025 15:37 (8 months ago) |
|---|
| Moderation | 10/25/2025 08:25 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 329872 [ajayrandhawa User-Management-PHP-MYSQL web up to fedcf58797bf2791591606f7b61fdad99ad8bff1 cross-site request forgery] |
|---|
| Points | 19 |
|---|