| Field | Value |
|---|---|
| Title | SourceCodester Computer Laboratory Management System (PHP LMS) 1.0 Cross-Site Request Forgery |
| Description | A Cross-Site Request Forgery (CSRF) vulnerability exists in the PHP LMS application. The application does not implement CSRF protection on state-changing requests handled by the save_users function in classes/Users.php. The endpoint POST /classes/Users.php?f=save processes account modification requests without validating a CSRF token or verifying the request origin. An attacker can craft a malicious webpage that, when visited by an authenticated administrator, triggers unauthorized administrator account modification. This can lead to administrative account takeover and full compromise of the application. |
| Source | https://gist.github.com/richardaugustine/618db4846b5ea60344721c716ef31b4e |
| User | Richardaugustine (UID 95966) |
| Submitted | 2026-02-27 06:14 (2 months ago) |
| Moderated | 2026-03-07 21:57 (9 days later) |
| Status | Accepted |
| VulDB Entry | 349748 [SourceCodester Computer Laboratory Management System 1.0 Cross-Site Request Forgery] |
| Points | 20 |