DataDump is vulnerable to CSRF attacks as it does not add and check for tokens. This means that requests to generate or delete dumps can easily be forged.
Description
Event Timeline
https://github.com/miraheze/DataDump/security/advisories/GHSA-29mh-4vhv-x8mr
Please fill out the details too
Code pushed to fork, but the indentation is messed up and I am on my phone. Would appreciate help regarding that.
Fixed Graylog so I could debug this on test3; need to migrate a few changes back to the advisory repo, but it should be good.
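
The add-and-check token pattern that the task description says is missing, as an added stand-alone example. It is not DataDump's code or the fix from the advisory; the function names, the session array and the sample requests are all hypothetical.

```php
<?php
// Added illustration; not DataDump's code. All names are hypothetical.

// Issue a per-session secret once and derive the token placed in the form.
function csrfToken(array &$session): string {
    if (!isset($session['csrf_secret'])) {
        $session['csrf_secret'] = bin2hex(random_bytes(32));
    }
    // Derive the token with a fixed label so the raw secret never leaves the server.
    return hash_hmac('sha256', 'datadump', $session['csrf_secret']);
}

// Constant-time check of the token submitted with the request.
function csrfValid(array $session, $submitted): bool {
    if (!isset($session['csrf_secret']) || !is_string($submitted)) {
        return false;
    }
    $expected = hash_hmac('sha256', 'datadump', $session['csrf_secret']);
    return hash_equals($expected, $submitted);
}

// State-changing handler: only a POST carrying a valid token may generate or delete.
function handleDumpRequest(array $session, string $method, array $post): string {
    $action = $post['action'] ?? '';
    if (!in_array($action, ['generate', 'delete'], true)) {
        return 'ignored: unknown action';
    }
    if ($method !== 'POST' || !csrfValid($session, $post['token'] ?? null)) {
        return "rejected: $action without valid token";
    }
    return "accepted: $action";
}

// Constructed sample requests.
$session = [];
$token = csrfToken($session);
// Legitimate form submission that carries the token issued to this session.
echo handleDumpRequest($session, 'POST', ['action' => 'delete', 'token' => $token]), "\n";
// Request with no token, as a cross-site form would send it: rejected.
echo handleDumpRequest($session, 'POST', ['action' => 'delete']), "\n";
// Request with a wrong token: rejected.
echo handleDumpRequest($session, 'POST', ['action' => 'generate', 'token' => 'guess']), "\n";
```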