Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite
Jan 12th 2022
Hi there, I would like to report another CSRF in phoronix
Proof of Concept
- Install a local instance of phoronix
- Create a benchmark and note down the benchmark id
- Access the link `/?benchmark/<benchmark-id>/&remove` and see that the benchmark is repeated, disabled and removed.
This vulnerability is capable of CSRF.
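
One way to guard a route shaped like the one in the proof of concept, as an added example that is not Phoronix Test Suite code and not part of the original report: state-changing flags are refused on GET and require a per-session token compared in constant time. The function names, the `csrf_token` field and the benchmark-id pattern are assumptions made for illustration.

```php
<?php
// Added illustration; not Phoronix Test Suite code. All names are hypothetical.

// Flags that change state. Only `remove` appears in the report's URL.
const STATE_CHANGING = ['remove'];

// Split a query string shaped like "benchmark/<id>/&remove" into id and flags.
// The id character set is an assumption made for this example.
function parse_action(string $query): ?array {
    $parts = explode('&', $query);
    $route = array_shift($parts);
    if (!preg_match('#^benchmark/([A-Za-z0-9_.-]+)/?$#', $route, $m)) {
        return null;
    }
    $flags = array_map(fn($f) => explode('=', $f, 2)[0], $parts);
    return ['id' => $m[1], 'flags' => $flags];
}

// Decide whether the request may run. Returns [HTTP status, message].
function authorize(string $method, string $query, array $post, array $session): array {
    $req = parse_action($query);
    if ($req === null) {
        return [404, 'unknown route'];
    }
    if (!array_intersect($req['flags'], STATE_CHANGING)) {
        return [200, 'read-only view of ' . $req['id']];
    }
    if ($method !== 'POST') {
        return [405, 'state change requires POST'];   // plain links only issue GET
    }
    $known = $session['csrf_token'] ?? '';
    $sent  = $post['csrf_token'] ?? '';
    if ($known === '' || !is_string($sent) || !hash_equals($known, $sent)) {
        return [403, 'missing or invalid CSRF token'];
    }
    return [200, 'remove ' . $req['id']];
}

// Constructed sample requests; the token would be issued at login.
$session = ['csrf_token' => bin2hex(random_bytes(32))];
$cases = [
    ['GET',  'benchmark/42/&remove', []],   // the link from the report
    ['POST', 'benchmark/42/&remove', []],   // cross-site form, no token
    ['POST', 'benchmark/42/&remove', ['csrf_token' => $session['csrf_token']]],
    ['GET',  'benchmark/42/', []],          // plain view stays a GET
];
foreach ($cases as [$method, $query, $post]) {
    [$status, $msg] = authorize($method, $query, $post, $session);
    printf("%-4s ?%-22s -> %d %s\n", $method, $query, $status, $msg);
}
```

Run from the command line, the four constructed requests return 405, 403, 200 and 200 in that order.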