Submit #728314: PHPEMS <=11.0 Cross-Site Request Forgery

Title: PHPEMS <=11.0 Cross-Site Request Forgery
Description: PHPEMS version <=11.0 is affected by a Cross-Site Request Forgery (CSRF) vulnerability. An attacker can craft a malicious web page and trick an authenticated PHPEMS administrator or user into visiting it. Without additional user interaction, this allows the attacker to execute unintended sensitive actions (e.g., modifying system configurations, submitting malicious data), leading to unauthorized system state tampering or privilege escalation. This vulnerability occurs because the application does not implement CSRF protection mechanisms (such as CSRF tokens) for critical requests.
Source: https://byebydoggy.github.io/post/2025/1231-phpems-csrf-poc/
User: byebyedoggy (UID 90091)
Submission: 12/31/2025 15:33 (5 months ago)
Moderation: 01/01/2026 09:43 (18 hours later)
Status: Accepted
VulDB entry: 339325 [PHPEMS up to 11.0 cross-site request forgery]
Points: 20
