Arbitrary comment content change with GET CSRF.
Low
ExpressionEngine
Team Summary
Official summary from ExpressionEngine
A vulnerability in ExpressionEngine 6.0.1 allows unauthorized modification of comments through improperly protected requests.
Reported by
d0bby
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Cross-Site Request Forgery (CSRF)