The anciwasim Back Link Tracker up to version 1.0.0 contains a CSRF vulnerability that enables Blind SQL Injection attacks. This means that an attacker can trick an authenticated user into submitting a crafted request that executes unauthorized SQL commands on the backend database. The vulnerability has a CVSS 3.1 base score of 8.2, indicating high severity with network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, high confidentiality impact, no integrity impact, and low availability impact. No patch or vendor advisory is currently provided to confirm remediation status.

Successful exploitation of this vulnerability can lead to unauthorized disclosure of sensitive data from the backend database due to Blind SQL Injection. The confidentiality impact is high, while integrity is not impacted and availability impact is low. The attack requires user interaction but no privileges, and can be performed remotely. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider mitigating CSRF risks by implementing standard CSRF protections such as anti-CSRF tokens and validating user requests. Avoid clicking on untrusted links while authenticated in the Back Link Tracker application. Monitor vendor channels for updates regarding patches or official mitigations.