Zodiac0704

**Name of the Vulnerable Software and Affected Versions** Social media skeleton versions prior to 1.0.5 **Description** A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. The Social media skeleton project did not properly restrict CSRF attacks prior to version 1.0.5. **Recommendations** For versions prior to 1.0.5, upgrade to version 1.0.5 to address the CSRF vulnerability. As a temporary workaround, consider implementing additional security measures to restrict malicious requests, but it is advised to upgrade as soon as possible since there are no known workarounds for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Social media skeleton versions prior to 1.0.5 **Description** The issue concerns a social media project implemented using php, css, javascript, and html. Prior to version 1.0.5, the project did not properly salt passwords, leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5. **Recommendations** For versions prior to 1.0.5, upgrade to version 1.0.5 to address the issue. As a temporary workaround, consider implementing additional security measures to protect user passwords until the upgrade can be applied.

**Name of the Vulnerable Software and Affected Versions** Social media skeleton versions prior to 1.0.5 **Description** Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. This issue affects Social media skeleton, an uncompleted/framework social media project implemented using php, css, javascript, and html. The estimated number of potentially affected devices worldwide is not specified. There are no known real-world incidents where this issue was exploited. **Recommendations** For Social media skeleton versions prior to 1.0.5, upgrade to version 1.0.5 to address the issue. As a temporary workaround, consider implementing proper session management and expiration mechanisms until the official patch is applied. Restrict access to sensitive areas of the application to minimize the risk of exploitation. Avoid using persistent sessions or implement a session timeout to reduce the risk.