Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite
Valid
Reported on Jan 12th 2022
Description
Hi there, I would like to report another CSRF in phoronix.
Proof of Concept
- Install a local instance of phoronix
- Create a benchmark and note down benchmark id
- Access the link /?benchmark/<benchmark-id>/&repeat, /?benchmark/<benchmark-id>/&disable and /?benchmark/<benchmark-id>/&remove and see that the benchmark is repeated, disabled and removed.
Impact
This vulnerability is capable of CSRF.
Occurrences
We are processing your report and will contact the phoronix-test-suite team within 24 hours.
a year ago
We have contacted a member of the phoronix-test-suite team and are waiting to hear back
a year ago
A phoronix-test-suite/phoronix-test-suite maintainer marked this as fixed in 10.8.0 with commit 5755b3
a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
phoromatic_benchmark.php#L110 has been validated
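For operators still running a release older than 10.8.0, the log check below is an added example (not code from the report or from phoronix-test-suite): it flags GET requests matching the /?benchmark/<benchmark-id>/&repeat|disable|remove pattern from the proof of concept whose Referer is missing or names another host. The combined access-log format, the host name phoromatic.example:8080 and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# State-changing actions named in the report's proof of concept.
ACTIONS = ("repeat", "disable", "remove")
# Query shape from the report: /?benchmark/<benchmark-id>/&<action>
TARGET_RE = re.compile(r"\?benchmark/(?P<id>[^/&\s]+)/&(?P<action>%s)(?:[&=]|$)"
                       % "|".join(ACTIONS))
# Assumed combined log format: ip - user [time] "METHOD target PROTO" status size "referer"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')

def classify_referer(referer, own_host):
    """Return 'missing', 'same-host' or 'cross-site' for a Referer header value."""
    if referer in ("", "-"):
        return "missing"
    host = urlsplit(referer).netloc.lower()  # host[:port] part of the Referer
    return "same-host" if host == own_host.lower() else "cross-site"

def find_suspect_requests(lines, own_host):
    """Flag GET requests to a state-changing benchmark action that did not come
    from a page on own_host. Triage heuristic: review hits, do not treat as proof."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        t = TARGET_RE.search(m["target"])
        if not t:
            continue  # plain benchmark view, no state change requested
        origin = classify_referer(m["referer"], own_host)
        if origin != "same-host":
            findings.append({"time": m["time"], "client": m["ip"],
                             "benchmark_id": t["id"], "action": t["action"],
                             "referer_class": origin})
    return findings

# Constructed sample log lines (not from the report); hosts and IPs are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jan/2022:10:00:01 +0000] "GET /?benchmark/17/&disable HTTP/1.1" 200 512 "http://phoromatic.example:8080/?benchmark/17" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Jan/2022:10:05:44 +0000] "GET /?benchmark/17/&remove HTTP/1.1" 200 498 "https://forum.example.net/thread/9" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Jan/2022:10:06:02 +0000] "GET /?benchmark/17/&repeat HTTP/1.1" 200 505 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Jan/2022:10:07:30 +0000] "GET /?benchmark/17 HTTP/1.1" 200 2048 "https://forum.example.net/thread/9" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG, "phoromatic.example:8080"):
        print(hit)
```

A missing Referer also occurs with typed URLs and strict referrer policies, so those hits need correlation with what the logged-in user was doing at the time.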