#176 ✓resolved

CSRF vulnerability needs fixing

Reported by expNinja | May 4th, 2011 @ 07:32 PM | in Beta 3

When an admin is logged in, the URL to create a user can be passed (say, from the source of an image tag) and silently create a user. We just need to prevent off-site creation of users.

Comments and changes to this ticket

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Bug Tracker for Exponent CMS

Shared Ticket Bins

People watching this ticket