Cross-Site Request Forgery (CSRF) in thorsten/phpmyfaq

Valid

Reported on

Dec 28th 2021


Description

Hi there, there is a CSRF in your logout function. This will force admin to logout if he/she clicks on the link attacker gives him.

Proof of Concept

  1. Install phpmyfaq on your system.
  2. Login as admin
  3. Open this link /admin/index.php?action=logout
  4. See that you are logged out of phpmyfaq.

Impact

This vulnerability is capable of CSRF.

We are processing your report and will contact the thorsten/phpmyfaq team within 24 hours. 5 months ago
We have contacted a member of the thorsten/phpmyfaq team and are waiting to hear back 5 months ago
Thorsten Rinne validated this vulnerability 5 months ago
justinp09010 has been awarded the disclosure bounty
The fix bounty is now up for grabs
Thorsten Rinne submitted a
patch
5 months ago
Thorsten Rinne
5 months ago

Maintainer


This is the fix for the 3.0 branch, will merge it later to main.

https://github.com/thorsten/phpMyFAQ/commit/d9d41476a5ceaa333d272abb5a5d2e03a8ac11fb

Thorsten Rinne
5 months ago

Maintainer


Can you confirm the patch?

Thorsten Rinne confirmed that a fix has been merged on 560239 4 months ago
Thorsten Rinne has been awarded the fix bounty
to join this conversation