| Title | The Stock Management System has a CSRF vulnerability |
|---|---|
| Description | In use_ In add.php, user information is added and sent to us_transac.php via POST request, and the new user information is then stored in the database without cookie or session verification or referer verification, resulting in a CSRF vulnerability. Similarly, there is a stored XSS vulnerability here. We can use this vulnerability to maliciously add, delete, modify any user, and affect system integrity |
| Source | ⚠️ https://github.com/rickxy/Stock-Management-System/issues/4 |
| User | ace. (UID 34853) |
| Submission | 2022-11-21 12:56 (4 years ago) |
| Moderation | 2022-11-24 13:09 (3 days later) |
| Status | Accepted |
| VulDB entry | 214331 [rickxy Stock Management System us_transac.php?action=add cross-site request forgery] |
| Points | 20 |