CVE-2022-41500: EyouCMS v1.5.9 has a vulnerability, Cross-site request forgery(CSRF) · Issue #27 · weng-xianhu/eyoucms

EyouCMS V1.5.9 was discovered to contain multiple Cross-Site Request Forgery (CSRF) vulnerabilities via the Members Center, Editorial Membership, and Points Recharge components.

A security vulnerability exists in EyouCMS V1.5.9 in the backend, Members Center, Editing Membership, and Points Top-up.

  1. Enter the background -> member center -> edit member -> points recharge, as shown in the figure:

  2. Grab the recharge request package and construct it, as shown below:

  3. Open and enter the background page in the browser to view the user test01 points:

  4. Click on the constructed web page:

The figure above shows the page that automatically jumps after successful execution to check whether the points have increased:
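
The server-side check whose absence makes the steps above work, as an added example that is not EyouCMS code and not part of the original issue: a points top-up handler that refuses state changes unless the request is same-origin and carries a token bound to the admin session. The handler name `recharge_points`, the request dictionary layout, `TRUSTED_ORIGIN`, and the sample requests are assumptions constructed for this sketch.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed values for this sketch; not taken from EyouCMS.
TRUSTED_ORIGIN = "https://cms.example"
SERVER_KEY = secrets.token_bytes(32)

def issue_csrf_token(session_id: str) -> str:
    """Token bound to the admin session: HMAC(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(headers: dict) -> bool:
    """Accept only requests whose Origin (or Referer fallback) is our own site."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sends neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN

def recharge_points(request: dict, balances: dict) -> tuple:
    """Hypothetical points top-up handler; returns (status, message)."""
    if request["method"] != "POST":
        return 405, "state changes must use POST"
    if not same_origin(request["headers"]):
        return 403, "cross-origin request rejected"
    expected = issue_csrf_token(request["session_id"])
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, "missing or invalid CSRF token"
    user = request["form"]["user"]
    balances[user] = balances.get(user, 0) + int(request["form"]["points"])
    return 200, "points updated"

def demo() -> dict:
    """Run a forged and a genuine request against constructed sample data."""
    balances = {"test01": 0}
    sid = "admin-session-1"  # constructed id; the browser attaches it to both requests
    forged = {"method": "POST", "session_id": sid,
              "headers": {"Origin": "https://other.example"},
              "form": {"user": "test01", "points": "100"}}
    genuine = {"method": "POST", "session_id": sid,
               "headers": {"Origin": TRUSTED_ORIGIN},
               "form": {"user": "test01", "points": "100",
                        "csrf_token": issue_csrf_token(sid)}}
    return {"forged": recharge_points(forged, balances),
            "genuine": recharge_points(genuine, balances),
            "balance": balances["test01"]}
```

The forged request carries a valid session but is rejected because the session cookie alone no longer authorizes the change; only the form rendered by the site itself holds the token.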
