Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Valid

Reported on

Nov 15th 2021


Description

CSRF to FlushOwnGhostPeers

Proof of Concept

<a href="https://[UNIT3D-URL]/users/UNIT3D/flushOwnGhostPeers">CLICK ME!</a>

Impact

This vulnerability is capable of tricking users into performing unintended actions.

Occurrences

We are processing your report and will contact the hdinnovations/unit3d-community-edition team within 24 hours. 19 days ago
HDVinnie validated this vulnerability 19 days ago
haxatron has been awarded the disclosure bounty
The fix bounty is now up for grabs
HDVinnie confirmed that a fix has been merged on 74695a 19 days ago
HDVinnie has been awarded the fix bounty
stats.blade.php#L26L28 has been validated
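
The proof of concept above works from a plain link because the action is reached with a GET request, and Laravel's CSRF middleware only checks tokens on non-read methods. The following is an added example, not part of the original report or of UNIT3D's code: it audits Laravel-style `Route::` declarations for GET-reachable actions that look state-changing. The sample routes and the name heuristic are constructed assumptions.

```python
import re

# Laravel's VerifyCsrfToken middleware skips HEAD, GET and OPTIONS requests, so
# an action registered for GET is reachable from a plain cross-site link.
ROUTE_RE = re.compile(
    r"Route::(?P<verb>get|post|put|patch|delete|any|match)\(\s*"
    r"(?:\[(?P<verbs>[^\]]*)\]\s*,\s*)?"  # verb list, used by Route::match
    r"['\"](?P<uri>[^'\"]+)['\"]\s*,\s*(?P<action>[^;]+)",
    re.IGNORECASE,
)
# Heuristic (assumption): method or URI names starting with these words change state.
MUTATING_RE = re.compile(
    r"^(?:flush|delete|destroy|remove|update|store|reset|clear|toggle|enable|disable)"
    r"(?=[A-Z_-]|$)"
)

def accepts_get(match):
    verb = match["verb"].lower()
    if verb == "match":
        return "get" in re.findall(r"\w+", (match["verbs"] or "").lower())
    return verb in ("get", "any")

def audit_routes(source):
    """Return (line_no, uri, name) for GET-reachable routes that look state-changing."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        m = ROUTE_RE.search(line)
        if not m or not accepts_get(m):
            continue
        # Controller method from 'Controller@method' or [Controller::class, 'method'].
        action = re.search(r"@(\w+)|,\s*['\"](\w+)['\"]", m["action"])
        method = (action.group(1) or action.group(2)) if action else ""
        last_segment = m["uri"].rstrip("/").rsplit("/", 1)[-1]
        hit = next((n for n in (method, last_segment) if MUTATING_RE.match(n)), None)
        if hit:
            findings.append((line_no, m["uri"], hit))
    return findings

# Constructed sample; not copied from the UNIT3D repository.
SAMPLE_ROUTES = """\
Route::get('/users/{username}', [UserController::class, 'show']);
Route::get('/users/{username}/flushOwnGhostPeers', [UserController::class, 'flushOwnGhostPeers']);
Route::post('/users/{username}/settings', [UserController::class, 'updateSettings']);
Route::match(['get', 'post'], '/notifications/deleteAll', 'NotificationController@deleteAll');
"""

if __name__ == "__main__":
    for line_no, uri, name in audit_routes(SAMPLE_ROUTES):
        print(f"line {line_no}: {uri} ({name}) accepts GET; use POST/DELETE with a CSRF token")
```

Each finding is a candidate for moving to a POST or DELETE route submitted from a form that carries the CSRF token, which is what makes a bare link like the one in the proof of concept ineffective.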