Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq
Dec 28th 2021
Hi there, there is a CSRF in your logout function. This will force the admin to log out if he/she clicks on the link the attacker gives him/her.
Proof of Concept
- Install phpmyfaq on your system.
- Log in as admin
- Open this link
- See that you are logged out of phpmyfaq.
This vulnerability is capable of CSRF.
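One way to protect a logout action against the link-click scenario reported above, as an added example (not phpMyFAQ's code and not the fix the project shipped): accept logout only as a POST carrying a per-session token. The function names and the `logout_token` / `csrf` keys are hypothetical, and plain arrays stand in for `$_SESSION` and `$_POST` so the script runs from the PHP CLI.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from phpMyFAQ.

/** Issue (or reuse) the per-session token that the logout form embeds. */
function logoutToken(array &$session): string
{
    if (empty($session['logout_token'])) {
        $session['logout_token'] = bin2hex(random_bytes(32));
    }
    return $session['logout_token'];
}

/** A plain link click arrives as GET with no token, so it is rejected. */
function isValidLogoutRequest(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // state-changing action must not be reachable by GET
    }
    $expected = $session['logout_token'] ?? '';
    $supplied = $post['csrf'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

/** Returns an HTTP status code; the session is cleared only on success. */
function handleLogout(string $method, array $post, array &$session): int
{
    if (!isValidLogoutRequest($method, $post, $session)) {
        return $method === 'POST' ? 403 : 405;
    }
    $session = []; // stands in for session_unset() / session_destroy()
    return 204;
}

// Constructed demonstration requests.
$session = ['user' => 'admin'];
$token = logoutToken($session);
var_dump(handleLogout('GET', [], $session));                   // link click
var_dump(handleLogout('POST', ['csrf' => 'wrong'], $session)); // forged form
var_dump(handleLogout('POST', ['csrf' => $token], $session));  // real form
var_dump($session);                                            // session state after logout
```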