The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right; however, it may facilitate the exploitation of other vulnerabilities affecting application users. The original request contains parameters that look like they may be anti-CSRF tokens, but the request still succeeds when these parameters are removed.
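The behaviour described above, where a token parameter exists but the request succeeds without it, usually comes from a check that runs only when the parameter is present. The following is an added example, not code from the affected application: it contrasts that lenient check with a strict one, and the field name `csrf_token`, the session dictionary and the sample requests are all assumptions constructed for illustration.

```python
import hmac
import secrets

TOKEN_FIELD = "csrf_token"  # hypothetical parameter name, not taken from the page

def issue_token(session: dict) -> str:
    """Create a per-session token and remember it server-side."""
    session[TOKEN_FIELD] = secrets.token_urlsafe(32)
    return session[TOKEN_FIELD]

def lenient_check(session: dict, form: dict) -> bool:
    """Flawed pattern: the token is compared only when the client sends it."""
    if TOKEN_FIELD not in form:
        return True  # a request with the parameter stripped is accepted
    return hmac.compare_digest(form[TOKEN_FIELD], session.get(TOKEN_FIELD, ""))

def strict_check(session: dict, form: dict) -> bool:
    """Hardened pattern: a missing, empty or mismatched token is rejected."""
    expected = session.get(TOKEN_FIELD)
    supplied = form.get(TOKEN_FIELD)
    if not expected or not isinstance(supplied, str) or not supplied:
        return False
    return hmac.compare_digest(supplied.encode(), expected.encode())

def handle(check, session: dict, form: dict) -> int:
    """Return the HTTP status a state-changing endpoint would send."""
    return 200 if check(session, form) else 403

# Constructed sample requests against one session.
session = {}
token = issue_token(session)
REQUESTS = {
    "valid token": {"email": "a@example.test", TOKEN_FIELD: token},
    "token removed": {"email": "a@example.test"},
    "empty token": {"email": "a@example.test", TOKEN_FIELD: ""},
    "wrong token": {"email": "a@example.test", TOKEN_FIELD: "x" * 43},
}

def compare() -> dict:
    """Map each sample request to (lenient status, strict status)."""
    return {name: (handle(lenient_check, session, form),
                   handle(strict_check, session, form))
            for name, form in REQUESTS.items()}

if __name__ == "__main__":
    for name, (lenient, strict) in compare().items():
        print(f"{name:14} lenient={lenient} strict={strict}")
```

Only the "token removed" row differs between the two checks, which is the case a regression test for this class of flaw should cover.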
Recent assessments:
nu11secur1ty at July 31, 2021 5:39pm UTC reported:
The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right; however, it may facilitate the exploitation of other vulnerabilities affecting application users. The original request contains parameters that look like they may be anti-CSRF tokens. However, the request is successful if these parameters are removed.
<https://github.com/nu11secur1ty/CVE-mitre/tree/main/PEEL-CSRF>
<https://streamable.com/jzts59>
Assessed Attacker Value: 5
Assessed Attacker Value: 3