FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability #578

leerina · 2021-07-02T02:26:46Z

Hi:
FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a user account via a post ID to /users/delete/2

POC:

leerina changed the title ~~FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a user account via a post ID to /users/delete/2~~ FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability Jul 2, 2021

daylightstudio pushed a commit that referenced this issue Jul 2, 2021

fix: for issue #578 and #579

5bebe56

daylightstudio closed this as completed Aug 10, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability #578

FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability #578

leerina commented Jul 2, 2021 •

edited

Loading

FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability #578

FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability #578

Comments

leerina commented Jul 2, 2021 • edited Loading

leerina commented Jul 2, 2021 •

edited

Loading