Cross-site Request Forgery (CSRF)

2021-11-1504:27:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

31.2%

JSON

showdoc/showdoc is vulnerable to cross-site request forgery. The vulnerability exists through the register function in UserController.class.php, allowing an attacker to add any member to the team.

CPENameOperatorVersion
showdoc/showdoclev2.9.12
showdoc/showdoclev2.9.12

CPE	Name	Operator	Version
	showdoc/showdoc	le	v2.9.12
	showdoc/showdoc	le	v2.9.12

References

github.com/star7th/showdoc/commit/67093c879a6563aa6ee08003177777d1975e2351

huntr.dev/bounties/e0edf27d-437e-44fe-907a-df020f385304

huntr.dev/bounties/e0edf27d-437e-44fe-907a-df020f385304/

0.001 Low

EPSS

Percentile

31.2%

JSON

Related for VERACODE:32971