Lucene search
Leorac8BC78CB1-B10B-4152-842E-CEB999FC5508HistoryFeb 04, 2023 - 6:14 p.m.
GET based CSRF on delete user functionality
2023-02-0418:14:41
leorac
www.huntr.dev
9
csrf
vulnerability
delete user
bugbounty
EPSS
0.001
Percentile
31.0%
Description
The /account/delete functionality is vulnerable to CSRF. In this way, an attacker can trick the victim to delete his own account just clicking on the link.
Steps to reproduce
- Login with a user
- Now go here:
https://app.wallabag.it/account/delete - The account is now deleted without any confirmation
Related
veracode
veracode
Cross-Site Request Forgery (CSRF)
2023-02-13 05:55:46
nvd
nvd
CVE-2023-0735
2023-02-07 23:15:09
prion
prion
Cross site request forgery (csrf)
2023-02-07 23:15:00
osv
osv
Cross-Site Request Forgery (CSRF) in wallabag/wallabag
2023-02-08 00:30:34
CVE-2023-0735
2023-02-07 23:15:09
cvelist
cvelist
CVE-2023-0735 Cross-Site Request Forgery (CSRF) in wallabag/wallabag
2023-02-07 00:00:00
github
github
Cross-Site Request Forgery (CSRF) in wallabag/wallabag
2023-02-08 00:30:34
cve
cve
CVE-2023-0735
2023-02-07 23:15:09