CVE-2023-49006: Cross-Site Request Forgery (CSRF)

December 19, 2023 (updated January 2, 2024)

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.

References

github.com/Hebing123/cve/issues/5
github.com/advisories/GHSA-67gv-xrw7-p72w
github.com/phpsysinfo/phpsysinfo/commit/4f2cee505e4f2e9b369a321063ff2c5e0c34ba45
huntr.com/bounties/ca6d669f-fd82-4188-aae2-69e08740d982/
nvd.nist.gov/vuln/detail/CVE-2023-49006

Detect and mitigate CVE-2023-49006 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →