PT-2020-12172 · Chadha · Phpkb Standard Multi-Language
Published
2020-03-12
·
Updated
2022-09-02
·
CVE-2020-10502
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Chadha PHPKB Standard Multi-Language version 9
Description
The issue allows attackers to approve any comment by providing the id via a crafted request to the admin/manage-comments.php endpoint.
Recommendations
For version 9, consider validating requests to the admin/manage-comments.php endpoint to prevent CSRF attacks, and ensure that only authorized users can approve comments.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpkb Standard Multi-Language