Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition


Reported on Sep 24th 2021


CSRF in deleting comments

Proof of Concept

1. Log in using an admin/staff account
2. Go to a torrent
3. Access the link
4. See that the comment is deleted


This vulnerability is capable of deleting comments


We have contacted a member of the hdinnovations/unit3d-community-edition team and are waiting to hear back 2 years ago
HDVinnie validated this vulnerability 2 years ago
ComradeKtg has been awarded the disclosure bounty
The fix bounty is now up for grabs
HDVinnie marked this as fixed with commit cc1e68 2 years ago
HDVinnie has been awarded the fix bounty
This vulnerability will not receive a CVE
web.php#L191 has been validated
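
An added example, not code from the report or from UNIT3D: a heuristic audit that flags Laravel route declarations which look state-changing yet are registered for GET (or `any`), the pattern that step 3 ("Access the link") implies. The route lines, controller names and keyword list are constructed for illustration, and that the affected route was a GET route is an assumption drawn from the steps, not something the report states.

```python
import re

# Verbs a browser will issue for a plain link, image tag or redirect.
# Laravel's CSRF middleware only checks tokens on non-read verbs, so a
# state-changing action registered under these gets no token check.
LINK_VERBS = {"get", "any"}

# Heuristic keyword list (an assumption of this example, tune per code base).
DESTRUCTIVE = re.compile(r"delete|destroy|remove|purge", re.IGNORECASE)

# Captures the HTTP verb, the URI and the remainder of the declaration.
ROUTE = re.compile(r"Route::(\w+)\(\s*['\"]([^'\"]+)['\"]\s*,(.*)")


def audit_routes(source):
    """Return (line_no, verb, uri) for link-reachable routes that look state-changing."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        match = ROUTE.search(line)
        if not match:
            continue
        verb, uri, rest = match.group(1).lower(), match.group(2), match.group(3)
        # Look for a destructive keyword in the URI, controller method or route name.
        if verb in LINK_VERBS and DESTRUCTIVE.search(uri + rest):
            findings.append((line_no, verb, uri))
    return findings


# Constructed sample in the style of a Laravel routes/web.php file.
SAMPLE_ROUTES = """\
Route::get('/comments/{id}', [CommentController::class, 'show'])->name('comment_show');
Route::get('/comments/delete/{comment_id}', [CommentController::class, 'deleteComment'])->name('comment_delete');
Route::post('/comments/edit/{comment_id}', [CommentController::class, 'editComment'])->name('comment_edit');
Route::delete('/comments/{id}', [CommentController::class, 'destroy'])->name('comment_destroy');
Route::any('/bookmarks/remove/{id}', [BookmarkController::class, 'remove']);
"""

if __name__ == "__main__":
    for line_no, verb, uri in audit_routes(SAMPLE_ROUTES):
        print(f"line {line_no}: Route::{verb} {uri} changes state but is reachable by a plain link")
```

Routes it flags are candidates for re-registration under POST or DELETE, where the framework's CSRF token check applies.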