CSRF in doremoveblogpost.action


    • 5

      Any page can be deleted if a user with sufficient privileges to delete the page clicks an attacker-controlled link, or views an image at an attacker-controlled URL.

      /pages/doremoveblogpost.action?pageId=<page to delete>

              Assignee:
              Dougall Johnson
              Reporter:
              Dougall Johnson
              Votes:
              0
              Watchers:
              3

                Created:
                Updated:
                Resolved:
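
The report above describes a state-changing action reachable by a plain GET with only a `pageId` parameter. The following is an added example, not Confluence code and not the fix that was shipped: a simplified in-memory model contrasting that behaviour with a handler that requires POST and a per-session token. All function names, the `csrf_token` parameter, status codes and page data are assumptions constructed for illustration.

```python
import hmac
import secrets

# Constructed in-memory state standing in for the wiki's page store.
PAGES = {101: "Release notes", 102: "Team blog post"}

def new_session(user, can_delete):
    """Create a session carrying a random per-session anti-CSRF token."""
    return {"user": user, "can_delete": can_delete,
            "csrf_token": secrets.token_urlsafe(32)}

def remove_vulnerable(pages, method, session, params):
    """Behaviour described in the report: any authenticated request deletes."""
    if not session["can_delete"]:
        return 403
    # No method check and no token: a GET fired by a link or <img> succeeds.
    return 200 if pages.pop(int(params["pageId"]), None) is not None else 404

def remove_hardened(pages, method, session, params):
    """Require POST plus a token that a cross-site page cannot read."""
    if not session["can_delete"]:
        return 403
    if method != "POST":
        return 405  # state changes must not be reachable by GET
    supplied = params.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return 403  # request did not come from the application's own form
    return 200 if pages.pop(int(params["pageId"]), None) is not None else 404

def demo():
    """Replay a forged cross-site request and a legitimate one against both handlers."""
    admin = new_session("admin", can_delete=True)
    results = {}
    # Cross-site request: the browser attaches the session, the other site supplies only pageId.
    forged = {"pageId": "101"}
    pages = dict(PAGES)
    results["vulnerable_forged_get"] = remove_vulnerable(pages, "GET", admin, forged)
    results["vulnerable_page_gone"] = 101 not in pages
    pages = dict(PAGES)
    results["hardened_forged_get"] = remove_hardened(pages, "GET", admin, forged)
    results["hardened_forged_post"] = remove_hardened(pages, "POST", admin, forged)
    results["hardened_page_kept"] = 101 in pages
    legit = {"pageId": "101", "csrf_token": admin["csrf_token"]}
    results["hardened_legit_post"] = remove_hardened(pages, "POST", admin, legit)
    return results

if __name__ == "__main__":
    print(demo())
```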