Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchatValid
Dec 16th 2021
I found one more CSRF at Clean cache in the System tab of System configuration via GET request.
Proof of Concept
<a href="https://demo.livehelperchat.com/site_admin/system/expirecache">CLICK ME!</a>
This vulnerability is capable of tricking admin to clear the cache of the system, that can potential lead to a DoS attack.
Use POST request combined with a CSRF token instead of using GET request.