Access [baseurl]/index.php/component/tags/?limit=20&start=0. The page source includes a form called adminform.
adminform would include an anti-CSRF token to prevent cross site request forgery vulnerability.
adminForm does not have an anti-CSRF token
Joomla: 3.8.5
Labels |
Added:
?
|
Status | New | ⇒ | Expected Behaviour |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2018-02-17 06:41:05 |
Closed_By | ⇒ | franz-wohlkoenig |
Status | Expected Behaviour | ⇒ | Closed |
Closed_By | franz-wohlkoenig | ⇒ | joomla-cms-bot |
Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/19711
Closed as expected Behaviour.
Category | ⇒ | com_tags |
It's bad copy/paste if anything. The forms on the tags frontend layouts are all related to pagination and result filtering (read operations only), no need for CSRF here as these forms should be doing GET requests (why they use POST beats me but
¯\_(ツ)_/¯
).