漏洞详情: CVE-2024-5097

漏洞标题
SourceCodester Simple Inventory System tableedit.php#page=editprice cross-site request forgery
来源:NVD
Simple Inventory System 跨站请求伪造漏洞
来源:CNNVD
漏洞描述
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument itemnumber leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265080.
来源:NVD
Simple Inventory System是argie个人开发者的一个简单库存系统。 SourceCodester Simple Inventory System 1.0版本存在跨站请求伪造漏洞,该漏洞源于文件/tableedit.php#page=editprice的参数itemnumber会导致跨站请求伪造。
来源:CNNVD
None
来源:神龙机器人
漏洞评分(CVSS)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
来源:NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
来源:神龙机器人, 准确率:8/8 = 100.00%
漏洞类别
跨站请求伪造(CSRF)
来源:NVD
跨站请求伪造
来源:CNNVD
相关链接