2021-11-30 17:49:01 |
Mark Sapiro |
description |
A list moderator or list member can potentially carry out a CSRF attack by getting a list admin to visit a crafted web page |
A list moderator or list member can potentially carry out a CSRF attack by getting a list admin to visit a crafted web page.
The CSRF token that is issued with an admindb page (to a moderator) or an options page (to a list member) is also accepted by the admin page. A moderator or member can therefore obtain such a token, put it in a crafted POST request to the admin page that changes the list admin password or other list settings, and convince a list admin, whose browser is already authenticated to the admin page, to submit that POST.
Likewise, a list member can do the same with a token from an options page and a POST to the admindb page, to handle held requests. |
|
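The root cause described above is a CSRF token that proves only "this token was minted by this list's secret", not "for this page and this authenticated user". The following is an added illustration, not code from the affected project or its fix: a constructed weak scheme in which a token minted for a member's options page passes the admin page's check, beside a hardened scheme whose signature covers the role the token was minted for and the principal it was minted to, so the admin page can reject a token that a member or moderator obtained elsewhere. Names such as `mint_weak`, `check_bound`, the `PAGE_ROLES` map and the e-mail addresses are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real deployment would use per-list secret material.
SECRET = b"constructed-demo-list-secret"
MAX_AGE = 3600  # seconds a token stays valid

# Roles each page may be driven by (assumed for the example). The admin page
# accepts only admin tokens; admindb accepts admin or moderator tokens.
PAGE_ROLES = {
    "admin": {"admin"},
    "admindb": {"admin", "moderator"},
    "options": {"admin", "member"},
}


def _sign(payload):
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()


def _encode(fields):
    return base64.urlsafe_b64encode(json.dumps(fields, sort_keys=True).encode()).decode()


def _decode(token):
    try:
        fields = json.loads(base64.urlsafe_b64decode(token.encode()))
    except (ValueError, TypeError):
        return None
    return fields if isinstance(fields, dict) else None


def _fresh(issued, now):
    now = time.time() if now is None else now
    return isinstance(issued, int) and 0 <= now - issued <= MAX_AGE


def mint_weak(now=None):
    """Weak scheme: the signature covers only the issue time. Any page that
    hands out such a token gives its holder a credential every page accepts."""
    issued = int(time.time() if now is None else now)
    return _encode({"issued": issued, "sig": _sign(str(issued).encode())})


def check_weak(token, now=None):
    f = _decode(token)
    if not f or not isinstance(f.get("issued"), int) or not isinstance(f.get("sig"), str):
        return False
    if not hmac.compare_digest(f["sig"], _sign(str(f["issued"]).encode())):
        return False
    return _fresh(f["issued"], now)


def mint_bound(role, principal, now=None):
    """Hardened scheme: the signature covers the role the token was minted for
    and the authenticated principal, so it is useless on a more privileged
    page or in another user's session."""
    issued = int(time.time() if now is None else now)
    sig = _sign(json.dumps([role, principal, issued]).encode())
    return _encode({"role": role, "principal": principal, "issued": issued, "sig": sig})


def check_bound(token, page, principal, now=None):
    f = _decode(token)
    if not f:
        return False
    role, who, issued, sig = (f.get(k) for k in ("role", "principal", "issued", "sig"))
    if not all(isinstance(v, t) for v, t in ((role, str), (who, str), (issued, int), (sig, str))):
        return False
    # Verify before trusting any field, in constant time.
    if not hmac.compare_digest(sig, _sign(json.dumps([role, who, issued]).encode())):
        return False
    # A token minted for a member or moderator must not drive the admin page.
    if role not in PAGE_ROLES[page]:
        return False
    # A token minted to one user must not be replayed in another user's session.
    if who != principal:
        return False
    return _fresh(issued, now)


def scenario(now=1_000_000):
    """A member fetches the options page, crafts a POST to the admin page with
    the token they received, and lures the logged-in admin into submitting it."""
    admin, member = "admin@example.com", "member@example.com"
    later = now + 60
    member_weak = mint_weak(now)
    member_bound = mint_bound("member", member, now)
    admin_bound = mint_bound("admin", admin, now)
    # Forgery attempt: rewrite the role field without knowing the secret.
    forged = dict(_decode(member_bound), role="admin", principal=admin)
    return {
        "weak_accepts_member_token_at_admin": check_weak(member_weak, later),
        "bound_rejects_member_token_at_admin": not check_bound(member_bound, "admin", admin, later),
        "bound_rejects_member_token_at_admindb": not check_bound(member_bound, "admindb", admin, later),
        "bound_rejects_forged_role": not check_bound(_encode(forged), "admin", admin, later),
        "bound_accepts_admin_token_at_admin": check_bound(admin_bound, "admin", admin, later),
        "bound_accepts_admin_token_at_admindb": check_bound(admin_bound, "admindb", admin, later),
        "bound_rejects_stale_admin_token": not check_bound(admin_bound, "admin", admin, now + MAX_AGE + 1),
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name}: {ok}")
```

The check that does the work is the one on `role`: the weak scheme has nothing to check there, so a token the application happily issued to a member on the options page is indistinguishable from one issued to the admin. Binding the principal as well closes the related replay in which a token minted to one account is presented inside another account's session.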