| CVE编号 | CVE-2025-25748 |
|---|---|
| 发布日期 | 2025-03-11T00:00:00.000Z |
| 更新日期 | 2025-03-11T17:22:36.399Z |
| 状态 | PUBLISHED |
| 受影响的供应商 | n/a |
| 受影响的产品 | n/a |
| 描述 | A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. |
参考链接:
