@omriinbar-cyesec
Created July 17, 2022 07:57
CVE-2022-32320
Vulnerable Product Version: All versions of Ferdi up to and including 5.8.1 and all versions of Ferdium up to and including 6.0.0-nightly.98
Vulnerability Type: Cross-Site Request Forgery (CWE-352)
Description: A cross-site request forgery (CSRF) vulnerability exists in all versions of Ferdi up to and including 5.8.1 and all versions of Ferdium up to and including 6.0.0-nightly.98. The application does not have CSRF checks in place when performing actions such as uploading a settings/preferences file. As a result, attackers could make a user upload a malicious settings file via a CSRF attack, which leads to Arbitrary File Read and, in some cases, Remote Code Execution.