PT-2020-12169 · Chadha · Chadha Phpkb Standard Multi-Language
Published
2020-03-12
·
Updated
2022-09-02
·
CVE-2020-10499
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Chadha PHPKB Standard Multi-Language version 9
Description
The issue allows attackers to close any ticket, given the
id, via a crafted request to the "admin/manage-tickets.php" endpoint. This is made possible by a CSRF flaw.Recommendations
For Chadha PHPKB Standard Multi-Language version 9, consider implementing proper CSRF protection mechanisms to prevent unauthorized requests to the "admin/manage-tickets.php" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Chadha Phpkb Standard Multi-Language