Lucene search
Khanhchauminh52DFAC87-4FD3-4DFB-83D2-D39916764D43HistoryDec 16, 2021 - 2:21 p.m.
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
2021-12-1614:21:25
khanhchauminh
www.huntr.dev
6
0.001 Low
EPSS
Percentile
47.4%
Description
I found one more CSRF at Clean cache in theSystemtab ofSystem configuration via GET request.
Proof of Concept
<a href="https://demo.livehelperchat.com/site_admin/system/expirecache">CLICK ME!</a>
Impact
This vulnerability is capable of tricking admin to clear the cache of the system, that can potential lead to a DoS attack.
Remediation
Use POST request combined with a CSRF token instead of using GET request.
Related
osv
osv
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
2022-01-05 20:33:55
BIT-livehelperchat-2021-4131
2024-03-06 10:59:13
CVE-2021-4131
2021-12-18 07:15:06
github
github
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
2022-01-05 20:33:55
cve
cve
CVE-2021-4131
2021-12-18 07:15:06
cnvd
cnvd
livehelperchat Cross-site Request Forgery Vulnerability (CNVD-2022-01694)
2021-12-21 00:00:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2021-12-20 04:08:07
prion
prion
Cross site request forgery (csrf)
2021-12-18 07:15:00
cvelist
cvelist
nvd
nvd
CVE-2021-4131
2021-12-18 07:15:06