Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The send_message.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page that, when visited by an authenticated user, will automatically submit a forged POST request to the vulnerable endpoint. This request will be executed with the victim's privileges, allowing the attacker to perform unauthorized actions on their behalf, such as sending arbitrary messages in any chat room.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SourceCodester Simple Public Chat Room Security Vulnerability
Vulnerability Description
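SourceCodester Simple Public Chat Room is a simple public chat room open-sourced by SourceCodester. SourceCodester Simple Public Chat Room version 1.0 has a security vulnerability, which stems from the send_message.php endpoint not implementing a CSRF protection mechanism and may lead to cross-site request forgery attacks.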
CVSS Information
N/A
Vulnerability Type
N/A
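The two protections the description names as missing, a per-session token and a same-site cookie restriction, are shown below as an added example; it is not the application's code. The field names `csrf_token` and `message` and all function names are assumptions, since the record does not show the endpoint's parameters.

```php
<?php
// Added example, not the application's code. The field names 'csrf_token'
// and 'message' and all function names are assumptions.

// Issue one unpredictable token per session; the chat form embeds it as a
// hidden input so only pages served by the application can supply it.
function issue_csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept only a POST whose token matches the session's, compared in
// constant time. A missing or non-string token is rejected.
function request_is_authentic(string $method, array $session, array $post): bool {
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return $method === 'POST'
        && is_string($expected) && $expected !== ''
        && is_string($supplied)
        && hash_equals($expected, $supplied);
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: a forged cross-site POST rides on the victim's
    // session but cannot know the token; the application's own form can.
    $session = [];
    $token = issue_csrf_token($session);
    $forged = ['message' => 'spam'];
    $genuine = ['message' => 'hello', 'csrf_token' => $token];
    var_dump(request_is_authentic('POST', $session, $forged));
    var_dump(request_is_authentic('POST', $session, $genuine));
    var_dump(request_is_authentic('GET', $session, $genuine));
} else {
    // Web path: SameSite=Lax also keeps the session cookie off cross-site
    // POSTs in browsers that honour it (array form needs PHP 7.3+).
    session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
    session_start();
    issue_csrf_token($_SESSION);
    $method = $_SERVER['REQUEST_METHOD'] ?? '';
    if (!request_is_authentic($method, $_SESSION, $_POST)) {
        http_response_code(403);
        exit('Missing or invalid CSRF token');
    }
    // The token matched: the message would be stored here.
}
```

Run from the command line, the script checks the three constructed requests; served by a web server, it rejects any request that lacks the session's token with HTTP 403.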