CSRF in administration.php

Status: Alpha

Brought to you by: kameraadpjotr

#2 CSRF in administration.php

Milestone: v0.5-beta (bugs)

Status: open-accepted

Owner: Pjotr

Labels: Administration (2)

Priority: 9

Updated: 2010-05-31

Created: 2010-05-30

Creator: Pjotr

Private: No

When deleting an image using URL-parameters (e.g. administration.php?action=foo&subaction=remove&id=bar), it is vulnerable to a CSRF-attack.

Pjotr - 2010-05-31

milestone: 1143199 --> v0.5-beta (bugs)
If you would like to refer to this comment somewhere else in this project, copy and paste the following link: