| Title | SourceCodester Simple Online Bidding System 1.0 Cross-Site Request Forgery |
|---|
| Description | CSRF vulnerability exists in SourceCodester Simple Online Bidding System
official website: https://www.sourcecodester.com/php/14558/simple-online-bidding-system-using-phpmysqli-source-code.html
version: v1.0
route: /simple-online-bidding-system/admin/index.php?page=manage_product
related code file: admin_class.php
related_function: save_product()
The `save_product()` function in `admin_class.php` receives product-related parameters via POST without performing effective uniqueness verification on the data packet. It directly proceeds to concatenate SQL statements and update operations, which allows attackers to forge data packets and execute CSRF attacks. |
|---|
| Source | ⚠️ https://github.com/kaikai145154/CVE-CSRF/blob/main/SourceCodester%20Simple%20Online%20Bidding%20System%20CSRF.md |
|---|
| User | kaikai145154 (UID 69611) |
|---|
| Submitted | 27/05/2024 04:26 (2 years ago) |
|---|
| Moderation | 28/05/2024 09:30 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 266383 [SourceCodester Simple Online Bidding System 1.0 HTTP POST Request index.php?page=manage_product save_product cross-site request forgery] |
|---|
| Points | 20 |
|---|