View Revisions: Issue #41748
Summary | 0041748: DeleteImageActionHandler is vulnerable to CSRF attacks
Revision | 2019-09-20 10:13 by AugustoMauch
Description | DeleteImageActionHandler is not protected against CSRF attacks
Revision | 2019-09-04 12:43 by AugustoMauch
Description | On image delete on new records it is possible to trick the system into deleting other images. It is important to check for the CSRF token so we make sure that the same person that uploaded the image is deleting it.