PT-2013-3922 · Php · Php Address Book
Publicado
2013-04-09
·
Atualizado
2013-04-09
·
CVE-2013-2778
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PHP Address Book version 8.2.5
Description
A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that delete accounts.
Recommendations
For PHP Address Book version 8.2.5, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent unauthorized account deletion requests. As a temporary workaround, restrict access to the
delete user.php file in the addressbook/register directory to minimize the risk of exploitation.Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Php Address Book