vendor:
Complaint Management System
by:
Besim ALTINOK
7.5
CVSS
HIGH
Cross-Site Request Forgery
352
CWE
Product Name: Complaint Management System
Affected Version From: v4.2
Affected Version To: v4.2
Patch Exists: NO
Related CWE: N/A
CPE: a:phpgurukul:complaint_management_system:4.2
Metasploit:
N/A
Other Scripts:
N/A
Platforms Tested: Xampp
2020
Complaint Management System 4.2 – Cross-Site Request Forgery (Delete User)
You can perform CSRF Attack for all the functions. This request performs over the GET request with uid.
Mitigation:
Implementing CSRF protection tokens, using same-site cookies, and validating the HTTP Referer header can help mitigate CSRF attacks.
