Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq
Valid
Reported on Dec 29th 2021
Description
Hi there, another CSRF in clearing search items.
Proof of Concept
- Install a local instance of phpmyfaq.
- Go to this link: /phpmyfaq/admin/?action=truncatesearchterms
- See that all search terms are deleted.
Impact
This vulnerability is capable of CSRF.
We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours.
a year ago
We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back
a year ago
Hi, this works only if you're logged in as admin with proper rights, right?
Hi there, yes that's true. In a real attack scenario, the attacker would send the link to the admin and when they click it, all search terms are deleted.
That's true, but it only works if the admin is logged in. I'll fix it anyway.
a year ago
This is the patch for the 3.0 branch, will be merged later to main:
https://github.com/thorsten/phpMyFAQ/commit/4310640935684486bed5edd5de211d8fa0d3372a
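For reference, an added example (not phpMyFAQ's code and independent of the linked commit) of the pattern that closes this class of issue: the same admin action first as a GET handler with no request-origin check, then hardened to require POST plus a per-session CSRF token. The function names `truncate_search_terms()`, `handle_truncate_vulnerable()`, `handle_truncate_hardened()` and `csrf_token()` are hypothetical.

```php
<?php
// Added example, not phpMyFAQ's code. Hypothetical names throughout.
// SameSite=Lax on the session cookie is defence in depth: browsers then omit
// it on cross-site top-level POSTs, but the token check below is the real fix.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Stand-in for the real data-layer call that empties the search-term table.
function truncate_search_terms(): void { /* DELETE FROM faqsearches ... */ }

// VULNERABLE: any GET to ?action=truncatesearchterms runs the deletion, so an
// admin who opens such a link while logged in deletes everything unknowingly.
function handle_truncate_vulnerable(): void
{
    if (($_GET['action'] ?? '') === 'truncatesearchterms') {
        truncate_search_terms();
    }
}

// One random token per session; the legitimate admin form embeds it.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// HARDENED: state change only via POST, and only when the submitted token
// matches the session copy (constant-time compare). A cross-site page cannot
// read the admin's token, so it cannot build a request that passes this check.
function handle_truncate_hardened(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || ($_POST['action'] ?? '') !== 'truncatesearchterms') {
        http_response_code(405);
        return;
    }
    $sent = $_POST['csrf'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        http_response_code(403);
        error_log('CSRF token mismatch on truncatesearchterms'); // worth alerting on
        return;
    }
    truncate_search_terms();
}

// The legitimate admin form that triggers the action:
// <form method="post">
//   <input type="hidden" name="action" value="truncatesearchterms">
//   <input type="hidden" name="csrf" value="<?= htmlspecialchars(csrf_token()) ?>">
//   <button type="submit">Clear search terms</button>
// </form>
```

Repeated 403s from this check in the web server or application log are a useful signal that someone is trying to lure an administrator into firing the action.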