-
Notifications
You must be signed in to change notification settings - Fork 137
20200722 CSRF Bypass On Endpoints With No Body Parameters
Arjen van Bochoven edited this page Jul 22, 2020
·
1 revision
CSRF CSRF Bypass On Endpoints With No Body Parameters - CVE-2020-15882
A Cross-site request forgery (CRSF) attack is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account. The application does not correctly check the CSRF token when requests are made via any HTTP Method other than POST or DELETE.
- Version specific upgrade notes - https://github.com/munkireport/munkireport-php/wiki/How-to-Upgrade-Versions
- General upgrade documentation - https://github.com/munkireport/munkireport-php/wiki/General-Upgrade-Procedures
- General Upgrade Procedures
- How to Upgrade Versions
- Troubleshooting Upgrades
- Migrating sqlite to MySQL