PT-2020-12159 · Chadha · Chadha Phpkb Standard Multi-Language
Published
2020-03-12
·
Updated
2022-09-02
·
CVE-2020-10489
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Chadha PHPKB Standard Multi-Language version 9
Description
The issue allows attackers to delete a ticket via a crafted request to the "admin/manage-tickets.php" endpoint. This is made possible by a CSRF weakness.
Recommendations
For Chadha PHPKB Standard Multi-Language version 9, consider implementing proper CSRF protection mechanisms to prevent unauthorized requests to the "admin/manage-tickets.php" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chadha Phpkb Standard Multi-Language