Submit #92954: Online Pizza Ordering System has CSRF vulnerabilityinfo

TitleOnline Pizza Ordering System has CSRF vulnerability
DescriptionBUG_Author: Murasaki URL:http://localhost/php-opos/admin/ajax.php?action=save_user Link:https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html There is a CSRF vulnerability in the Online Pizza Ordering System v1.0. When the administrator is logged in, open the created JS script file to complete the operation of adding an administrator.When the administrator is logged in, open the specified JS script file to complete a series of operations that require permissions, such as adding an administrator. The CSRF vulnerability can complete various permission operations in the background when combined with the stored XSS vulnerability, which seriously affects business processes and permission management.
Source⚠️ https://github.com/1MurasaKi/PizzaCSRF_report/tree/main/vender/Online%20Pizza%20Ordering%20System
User
 Murasaki (UID 41555)
Submission02/22/2023 02:49 (3 years ago)
Moderation02/23/2023 16:20 (2 days later)
StatusAccepted
VulDB entry221681 [SourceCodester Online Pizza Ordering System 1.0 ajax.php?action=save_user cross-site request forgery]
Points20

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!