| Title | SourceCodester Diary App 1.0 Cross Site Request Forgery |
|---|---|
| Description | A Cross-Site Request Forgery (CSRF) vulnerability exists in the SourceCodester Diary App in diary.php. The application performs a state-changing action via the GET parameter `delete` without implementing CSRF protection. An attacker can craft a malicious webpage that triggers the following request when visited by an authenticated user: `/diary_app/diary-app/diary.php?delete=<id>` This allows attackers to delete diary entries without the user's consent. |
| Source | https://gist.github.com/Mohdanass/50a525ba0a72e10fda85f0db11eeed92 |
| User | Anas22335 (UID 96357) |
| Submission | 03/11/2026 16:42 (26 days ago) |
| Moderation | 03/27/2026 09:49 (16 days later) |
| Status | Accepted |
| VulDB entry | 353855 [SourceCodester Diary App 1.0 diary.php cross-site request forgery] |
| Points | 20 |
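
The description above says the delete runs on a GET parameter with no CSRF protection; the following added example (not code from the application or from the submitter) shows the check a delete handler would need before acting. Only the `delete` parameter name comes from the report; `csrf_token()`, `delete_allowed()` and the `csrf` form field are assumed names, and the requests are constructed.

```php
<?php
// Added example, not the application's code. Only the `delete` parameter comes
// from the report; csrf_token(), delete_allowed() and the `csrf` field are assumed.

// One random token per session, embedded as a hidden field in the delete form.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Returns the entry id to delete, or null when the request must be rejected.
function delete_allowed(string $method, array $post, array $session): ?int {
    if ($method !== 'POST') {
        return null;                       // GET must never change state
    }
    $sent     = $post['csrf'] ?? '';
    $expected = $session['csrf'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return null;                       // missing or wrong token
    }
    $id = $post['delete'] ?? '';
    return (is_string($id) && ctype_digit($id)) ? (int)$id : null;
}

// Constructed requests: [method, POST body]. In a real handler these would be
// $_SERVER['REQUEST_METHOD'], $_POST and $_SESSION.
$session = [];
$token   = csrf_token($session);
$cases = [
    'cross-site GET'            => ['GET',  []],
    'cross-site POST, no token' => ['POST', ['delete' => '7']],
    'POST with wrong token'     => ['POST', ['delete' => '7', 'csrf' => str_repeat('0', 64)]],
    'same-site form submit'     => ['POST', ['delete' => '7', 'csrf' => $token]],
];
foreach ($cases as $name => [$method, $post]) {
    $id = delete_allowed($method, $post, $session);
    printf("%-26s %s\n", $name, $id === null ? 'rejected' : "delete entry $id");
}
```

Setting `SameSite=Lax` on the session cookie complements this check, but the browser still sends the cookie on top-level GET navigations, which is why the handler has to stop accepting GET for deletes.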