Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition

Valid

Reported on

Nov 15th 2021

Description

CSRF to FlushOwnGhostPeers

Proof of Concept

<a href="https://[UNIT3D-URL]/users/UNIT3D/flushOwnGhostPeers">CLICK ME!</a>

Impact

This vulnerability is capable of tricking users to perform unintended actions.

Occurrences

We are processing your report and will contact the hdinnovations/unit3d-community-edition team within 24 hours. a year ago
HDVinnie validated this vulnerability a year ago
haxatron has been awarded the disclosure bounty
The fix bounty is now up for grabs
HDVinnie marked this as fixed with commit 74695a a year ago
HDVinnie has been awarded the fix bounty
This vulnerability will not receive a CVE
stats.blade.php#L26L28 has been validated
to join this conversation