Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition


Reported on Nov 15th 2021


CSRF to FlushOwnGhostPeers

Proof of Concept

<a href="https://[UNIT3D-URL]/users/UNIT3D/flushOwnGhostPeers">CLICK ME!</a>


This vulnerability is capable of tricking users into performing unintended actions.


HDVinnie validated this vulnerability 19 days ago
haxatron has been awarded the disclosure bounty
The fix bounty is now up for grabs
HDVinnie confirmed that a fix has been merged on 74695a 19 days ago
HDVinnie has been awarded the fix bounty
stats.blade.php#L26L28 has been validated
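
An added example, not part of the original report or the project's code: a small Python audit that flags Laravel route declarations where a state-changing action, like the flushOwnGhostPeers link in the proof of concept, is reachable by GET, a method Laravel's CSRF token check does not cover. The route lines, controller names and verb list are constructed assumptions.

```python
import re

# Heuristic verb list (an assumption of this example, extend for your code base).
MUTATING = ("flush", "delete", "destroy", "remove", "reset", "update", "store", "create")

ROUTE_RE = re.compile(
    r"Route::(?P<verb>\w+)\(\s*"
    r"(?:\[(?P<methods>[^\]]*)\]\s*,\s*)?"            # Route::match(['get', 'post'], ...)
    r"['\"](?P<path>[^'\"]+)['\"]\s*,\s*"
    r"(?:\[[^,\]]+,\s*['\"](?P<action>\w+)['\"]\s*\]"  # [Controller::class, 'method']
    r"|['\"][^'\"@]+@(?P<action2>\w+)['\"])"           # 'Controller@method'
)

# Constructed sample routes; controller names are hypothetical.
SAMPLE = """\
Route::get('/users/{username}/flushOwnGhostPeers', [UserController::class, 'flushOwnGhostPeers']);
Route::get('/users/{username}', [UserController::class, 'show']);
Route::post('/users/{username}/resetPasskey', [UserController::class, 'resetPasskey']);
Route::match(['get', 'post'], '/users/{username}/deleteNote', 'NoteController@destroy');
"""

def is_mutating(name):
    return name.lower().startswith(MUTATING)

def reachable_by_get(verb, methods):
    """True when a plain link, image tag or redirect can trigger the route."""
    verb = verb.lower()
    if verb == "match":
        return "get" in re.findall(r"[a-z]+", (methods or "").lower())
    return verb in ("get", "any")

def audit_routes(source):
    """Return (line, path, action) for GET-reachable routes that look state-changing."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = ROUTE_RE.search(line)
        if not m or not reachable_by_get(m.group("verb"), m.group("methods")):
            continue
        action = m.group("action") or m.group("action2")
        last_segment = m.group("path").rstrip("/").rsplit("/", 1)[-1]
        if is_mutating(action) or is_mutating(last_segment):
            findings.append((lineno, m.group("path"), action))
    return findings

if __name__ == "__main__":
    for finding in audit_routes(SAMPLE):
        print("GET-reachable state change: line %d, %s -> %s" % finding)
```

Name-based matching is a heuristic, so treat each hit as a candidate for review: the usual correction is to register the action under POST (or another non-read method) and submit it from a form that carries the CSRF token.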