CVE-2020-10501

Name of the Vulnerable Software and Affected Versions Chadha PHPKB Standard Multi-Language version 9

Description The issue allows attackers to edit a department, given the id, via a crafted request to the "admin/manage-departments.php" endpoint. This is made possible by a CSRF weakness.

Recommendations For Chadha PHPKB Standard Multi-Language version 9, consider implementing proper CSRF protection mechanisms to prevent unauthorized requests to the "admin/manage-departments.php" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation.