N/A

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.

N/A

N/A

wger 跨站请求伪造漏洞

wger是使用 Django 编写的自托管 FLOSS 健身/锻炼、营养和体重追踪器。 wger Workout Manager v.2.2.0a3版本存在安全漏洞，该漏洞源于存在跨站请求伪造(CSRF)漏洞，允许远程攻击者获取权限。

N/A

N/A