Azərbaycan Dövlət
İqtİsad Unİversİtetİ

Ariz Maharramli, a student majoring in Information Security at the Faculty of Digital Economics of the Azerbaijan State University of Economics (UNEC), has discovered a significant security vulnerability on NASA’s official website (landsat.gsfc.nasa.gov).

Maharramli identified a critical-level CSRF (Cross-Site Request Forgery) vulnerability within the “Inspiro Theme” platform. This flaw could have allowed unauthorized individuals to gain control of the website and install malicious add-ons without authentication.

Upon discovering the issue, the student promptly reported the vulnerability to NASA’s security team. After reviewing the report, NASA officially acknowledged the submission and expressed gratitude to Maharramli for his contribution to improving the website’s cybersecurity.