laravel-filemanager Cross Site Request Forgery (CSRF) to File Deletion (security bug)

Cross Site Request Forgery (CSRF) to File Deletion (security bug)

Open Veyselxan opened this issue 2 years ago • 0 comments

Any requests which modifies data should not be sent by using GET method. So while deletion or renaming file csrf token not validated

Get Method: site/laravel-filemanager/delete?working_dir=%2F2&type=Images&items%5B%5D=filename.jpg&_=1646834633028

Mar 19 '22 09:03 Veyselxan