PT-2020-12158 · Chadha · Chadha Phpkb Standard Multi-Language
Published
2020-03-12
·
Updated
2022-09-02
·
CVE-2020-10488
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Chadha PHPKB Standard Multi-Language version 9
Description
The issue allows attackers to delete a news article via a crafted request to the "admin/manage-news.php" endpoint. This is made possible by a CSRF flaw.
Recommendations
For Chadha PHPKB Standard Multi-Language version 9, consider implementing proper CSRF protection mechanisms, such as tokens, to prevent unauthorized requests to the "admin/manage-news.php" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chadha Phpkb Standard Multi-Language