2 matches found
Cross-Site Request Forgery (CSRF) in e107inc/e107
✍️ Description Attacker or malicious user is able to change URL configuration if a logged in user visits attacker website. because lack of CSRF token 🕵️♂️ Proof of Concept 1.when you logged in open this POC.html in a browser 2.you can check unintentionally your search URL changed form /search.php...
CVE-2014-6046
Multiple cross-site request forgery CSRF vulnerabilities in phpMyFAQ before 2.8.13 allow remote attackers to hijack the authentication of unspecified users for requests that 1 delete active users by leveraging improper validation of CSRF tokens or that 2 delete open questions, 3 activate users, 4...