Silverstripe Forum Module CSRF Vulnerability

A number of form actions in the Forum module are directly accessible. A malicious user e.g. spammer can use GET requests to create Members and post to forums, bypassing CSRF and anti-spam measures. Additionally, a forum moderator could be tricked into clicking a specially crafted URL, resulting i...

PT-2024-40494 · Unknown · Forum Module

Name of the Vulnerable Software and Affected Versions: Forum module affected versions not specified Description: The issue allows malicious users, such as spammers, to create members and post to forums using GET requests, bypassing CSRF and anti-spam measures. Additionally, a forum moderator can ...