Arunna Cross-Site Request Forgery Vulnerability
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in Arunna version 1.0.0. This vulnerability allows attackers to manipulate user profile settings without authenticating themselves: by crafting a malicious form and tricking an authenticated user into submitting it, an attacker can change user details such as passwords, email addresses, and administrative privileges.
Impact
Exploitation of this vulnerability allows for unauthorized changes to user profile settings, including sensitive information such as passwords and email addresses, as well as administrative privileges.
Reproduction
To reproduce this vulnerability, an attacker must create a malicious form that includes the necessary fields to change user profile information. This form should be designed to be submitted by an authenticated user without their knowledge. Once the form is submitted, the user's profile settings will be altered according to the information provided in the form.
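The request described above succeeds only because the session cookie is the sole proof of intent. The following added example (not Arunna's code and not part of the original advisory) sketches a profile-update handler that also requires a session-bound CSRF token and checks the Origin header; the handler name, field names, and the `https://cms.example` origin are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed secret for the example; a deployment loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)

# Settings the advisory lists as changeable (field names are hypothetical).
PROFILE_FIELDS = {"password", "email", "is_admin"}


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; rendered as a hidden field in the genuine form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_profile_update(session_id, form, origin,
                          trusted_origin="https://cms.example"):
    """Hypothetical handler. Returns (http_status, applied_changes)."""
    # A valid session is necessary but not sufficient: the browser attaches
    # the session cookie to cross-site form posts as well.
    if session_id is None:
        return 401, {}
    # If the browser reports an Origin, it must be the application's own.
    if origin is not None and origin != trusted_origin:
        return 403, {}
    # The token lives only in pages served to this session, so a form built
    # on another site cannot include it. Compare in constant time.
    supplied = str(form.get("csrf_token", "")).encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return 403, {}
    return 200, {k: v for k, v in form.items() if k in PROFILE_FIELDS}


if __name__ == "__main__":
    sid = "constructed-session-id"  # constructed sample value
    genuine = {"email": "user@cms.example", "csrf_token": issue_csrf_token(sid)}
    cross_site = {"email": "other@mail.example", "is_admin": "1"}  # no token
    print(handle_profile_update(sid, genuine, "https://cms.example"))
    print(handle_profile_update(sid, cross_site, "https://other.example"))
    print(handle_profile_update(sid, cross_site, None))  # Origin header absent
```

The third call shows why the token check must not depend on the Origin header being present: a request without one is still rejected.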
