| tiêu đề | CSRF in NXFILTER - Delete user |
|---|
| Mô tả | A CSRF vulnerability in Nxfilter in version x.x.x.x that allows deleting a user without any kind of verification or anti-csrf token. This flaw is extremely dangerous because when deleting the user, he loses all the rules established in the network.
Vulnerability: https://NX_FILTER_IP/user,user.jsp?actionFlag=delete&page=1&kw=teste&id=1623
When the attacker sends this link to the admin and he clicks, the user whose ID is 1623 will be deleted.
This can delete users from nxfilter and then they'll lose their rules in the network.
Nxfilter in version x.x.x.x |
|---|
| Nguồn | ⚠️ https://nxfilter.org/p4/ |
|---|
| Người dùng | 0xgordo (UID 50709) |
|---|
| Đệ trình | 13/07/2023 16:13 (cách đây 3 những năm) |
|---|
| Kiểm duyệt | 22/07/2023 08:23 (9 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 235192 [NxFilter 4.3.2.5 user.jsp Giả mạo yêu cầu liên trang] |
|---|
| điểm | 20 |
|---|