Cross-Site Request Forgery (CSRF) in pheditor/pheditor
Dec 26th 2021
Hi there, there is a minor CSRF problem in your logout function; this will force the user to log out without their consent.
Proof of Concept
- Install pheditor on your system
- Login as admin
- Go to this link
- See that you are logged out of pheditor.
This vulnerability is capable of CSRF.
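The report does not include the handler itself, so the following is an added example (not pheditor's own code, written in PHP because that is the project's language) of a logout endpoint in the shape the report describes beside a hardened one. The file name `logout.php`, the session key `csrf_token` and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from pheditor. logout.php, the session key
// 'csrf_token' and all function names below are assumed for illustration.

// Weak form, as described in the report: any request to logout.php ends the
// session. A hostile page can trigger it with <img src="https://host/logout.php">
// because the browser attaches the victim's session cookie to that GET.
function handle_logout_weak(): void
{
    session_start();
    session_destroy();
    header('Location: index.php');
    exit;
}

// Issue a per-session token; it is embedded in the logout form as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only for a POST carrying the token stored in the session.
// hash_equals() keeps the comparison constant-time.
function csrf_request_ok(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

function handle_logout_hardened(): void
{
    // SameSite=Lax keeps the session cookie off cross-site POSTs and off
    // <img>/<iframe> GETs; the token check covers whatever is left.
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    if (!csrf_request_ok($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Logout must be a POST carrying a valid CSRF token.');
    }

    // Clear server-side state and expire the cookie so the old id cannot be reused.
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 3600,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
    header('Location: index.php');
    exit;
}

// Logout control to render on the editor's pages (after session_start()).
function logout_form_html(): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="logout.php">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<button type="submit">Log out</button></form>';
}
```

With the hardened handler, the link in the proof of concept returns 403 instead of ending the session: a GET fails the method check, and a cross-site POST neither carries the token nor, with `SameSite=Lax`, the session cookie.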
We have sent a third and final follow-up to the pheditor team. This report is now considered stale. a year ago
Hamid Samak validated this vulnerability a year ago
justinp09010 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Hamid Samak marked this as fixed in 2.0.0 with commit 7660bd a year ago
This vulnerability will not receive a CVE