Cross-Site Request Forgery (CSRF) in phoronix-test-suite/phoronix-test-suite
Jan 10th 2022
Hello phoronix test suite maintainer team, there is a Cross site request forgery vulnerability in phoronix test suite.
Proof of Concept
- Install phoronix test suite on your system
- Create a test suite
- Open another tab in browser and go to the link
/?local_suites/delete/<suite-name>-1.0.0, for example if suite name is suite-1, then the link would be
/?local_suites/delete/suite-1-1.0.0and see that the local test suite is deleted.
This vulnerability is capable of CSRF.