1. GodObjectProfile CSRF Flaw Exposes User Profiles to Unauthorized Manipulation via GET Requests
A critical Cross-Site Request Forgery vulnerability has been identified in the GodObjectProfile action within a .NET 9 application, allowing external sites to silently mutate user profile data without consent. The flaw stems from state-changing operations being exposed through GET query parameters, violating a fundamen...