PT-2022-15812 · Unknown · Petereport

Alestorm980 · Published 2022-03-03 · Updated 2022-03-10

CVE-2022-23052
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: PeteReport version 0.5

Description: The issue allows an attacker to trick users into deleting users, products, reports, and findings in the application through a Cross-Site Request Forgery (CSRF) vulnerability. An attacker can forge requests that appear to come from the victim: when a logged-in user is lured to an attacker-controlled page, the browser submits the forged request with the victim's authenticated session, and the application performs the unauthorized action (the CVSS vector reflects this: no privileges required, user interaction required, integrity impact high).

Recommendations: For PeteReport version 0.5, implement proper CSRF protection, such as token-based validation, so that state-changing requests are only accepted when they carry a secret token that a cross-site page cannot obtain. As a temporary workaround, restrict access to sensitive operations such as deleting users, products, reports, and findings until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
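The following is an added example, not PeteReport's own code, showing what "token-based validation" means for a delete endpoint like the ones described above: an unprotected handler that honours any authenticated POST, next to a hardened handler that requires a per-session synchronizer token (plus a POST-only rule and an Origin check). The request/session objects, the `delete_report_*` function names, the `SITE_ORIGIN` value and the sample report data are all constructed for the demonstration. Frameworks such as Django, which PeteReport is built on, provide the same mechanism out of the box (`CsrfViewMiddleware` and the `{% csrf_token %}` form tag); the point here is to make the check itself visible.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed deployment origin of the application (hypothetical value).
SITE_ORIGIN = "https://petereport.example"


@dataclass
class Session:
    """Server-side session of a logged-in user."""
    session_id: str
    user: str
    csrf_token: str = ""


@dataclass
class Request:
    """Minimal model of an incoming HTTP request (constructed for the demo)."""
    method: str
    path: str
    session: Optional[Session]
    form: Dict[str, str]
    origin: Optional[str] = None  # value of the Origin header, if the browser sent one


def issue_csrf_token(session: Session) -> str:
    """Synchronizer token: a random secret stored in the session and embedded in
    the site's own forms. A cross-site page cannot read it (same-origin policy)."""
    session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token


def delete_report_vulnerable(request: Request, reports: Dict[str, str]) -> Tuple[int, str]:
    """Behaviour described in the advisory: any request carrying the victim's
    session cookie deletes the report, including one forged by a third-party page."""
    if request.session is None:
        return 401, "login required"
    report_id = request.form.get("report_id", "")
    if report_id not in reports:
        return 404, "not found"
    del reports[report_id]
    return 200, f"deleted {report_id}"


def delete_report_protected(request: Request, reports: Dict[str, str]) -> Tuple[int, str]:
    """Hardened handler: POST only, same-origin (when Origin is present), and a
    valid CSRF token that matches the one bound to the session."""
    if request.session is None:
        return 401, "login required"
    if request.method != "POST":
        # State changes must never be reachable through GET (image tags, links).
        return 405, "method not allowed"
    if request.origin is not None and request.origin != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    submitted = request.form.get("csrf_token", "")
    expected = request.session.csrf_token
    # compare_digest avoids leaking the token through timing differences.
    if not expected or not hmac.compare_digest(submitted, expected):
        return 403, "CSRF token missing or invalid"
    report_id = request.form.get("report_id", "")
    if report_id not in reports:
        return 404, "not found"
    del reports[report_id]
    return 200, f"deleted {report_id}"


def demo() -> Dict[str, Tuple[int, str]]:
    """Run the same forged request against both handlers, then a legitimate one."""
    victim = Session(session_id="sess-victim", user="alice")
    issue_csrf_token(victim)

    # The forged request: the victim's browser sends it with her session, but the
    # attacker's page cannot know her token, so the form has none.
    forged = Request("POST", "/report/delete", victim,
                     {"report_id": "rep-1"}, origin="https://attacker.example")
    legit = Request("POST", "/report/delete", victim,
                    {"report_id": "rep-1", "csrf_token": victim.csrf_token},
                    origin=SITE_ORIGIN)

    results = {}
    results["vulnerable_forged"] = delete_report_vulnerable(forged, {"rep-1": "Q1 assessment"})
    store = {"rep-1": "Q1 assessment"}
    results["protected_forged"] = delete_report_protected(forged, store)
    results["protected_legit"] = delete_report_protected(legit, store)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The unprotected handler deletes the report for the forged request; the protected one rejects it (here on the Origin check first, and on the missing token if the browser sends no Origin header) while still accepting the site's own form submission that carries the session's token.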

Exploit

CSRF

Weakness Enumeration

Related Identifiers

CVE-2022-23052

Affected Products

Petereport