An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage #81
Comments
Where did you insert the script? It is JavaScript, so it only resides in the client. Please explain more.
BSteelooper pushed a commit that referenced this issue Oct 21, 2019
Could you please test the latest dev release 4.7.10-dev4?
Have you retested with the latest dev version?
Sorry, I don't have much time. I'll try if I have time.
…------------------ Original Message ------------------
From: "Bas Steelooper"<notifications@github.com>;
Sent: Tuesday, October 22, 2019, 3:19 PM
To: "pluck-cms/pluck"<pluck@noreply.github.com>;
Cc: "1113402387"<1113402387@qq.com>; "Author"<author@noreply.github.com>;
Subject: Re: [pluck-cms/pluck] An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage (#81)
Have you retested with the latest dev version?
CSRF POC: