CTF-hacker pwn delete.html cross-site request forgery
Description
A vulnerability classified as problematic has been found in CTF-hacker pwn. This affects an unknown part of the file delete.html. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215109 was assigned to this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CTF-hacker pwn has a stored CSRF vulnerability in delete.html that allows the admin account to be manipulated via forged requests.
Vulnerability
A cross-site request forgery (CSRF) vulnerability exists in the delete.html file of CTF-hacker pwn. The issue affects an unknown version and allows an attacker to perform unauthorized actions on the administrator account. The vulnerability has been assigned the identifier VDB-215109 [1].
Exploitation
To exploit this vulnerability, an attacker must trick an authenticated administrator into visiting a crafted page or clicking a malicious link while logged into the application. No special network position or authentication is required aside from the victim's session. The attacker can then submit forged requests to the delete.html endpoint, performing actions on behalf of the administrator [1].
Impact
Successful exploitation enables the attacker to perform administrative actions, such as deleting content, without the administrator's consent. This leads to a loss of integrity and potentially availability, depending on what the delete.html function controls [1].
Mitigation
As of the publication date (2022-12-08), no fix or updated version has been released. The vendor has not provided a patch or workaround. Administrators should implement CSRF tokens and validate request origins to mitigate the risk [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: n/a
Patches
No patches discovered yet.
References