GET-based CSRF on Reset OPCache functionality

# Description
The functionality to reset the OPCache is vulnerable to CSRF. In fact, it would be good practice to implement a CSRF token in the URL if the GET functionality is meant to trigger an action, instead of only retrieving data. Alternatively, it can be turned into a POST request, which I can see already has the CSRF protection implemented.

# Proof of Concept
- Log in as admin (but right now it also works with a reseller user)
- Open this link: https://v2.demo.froxlor.org/admin_opcacheinfo.php?page=showinfo&action=reset

You will see the `302` status code and then the page redirects to the overview page, as intended.
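
One way to apply the mitigation described above, as an added example that is not Froxlor's code: the reset is accepted only as a POST that carries a per-session token, with the GET-triggered pattern kept as a comment for comparison. The function name `is_valid_state_change`, the `csrf_token` field and the redirect target are assumptions for illustration, and the admin session check is assumed to have run earlier.

```php
<?php
// Added example: hypothetical handler, not Froxlor's own code.
declare(strict_types=1);

session_start();

// Issue one random token per session; forms embed it in a hidden field.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

/**
 * True only for a POST that carries the session's CSRF token.
 */
function is_valid_state_change(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // plain links, <img> tags and redirects arrive as GET
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // Constant-time comparison; an empty or missing session token never matches.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

$action = $_GET['action'] ?? '';

// Pattern described in the report: the GET parameter alone triggers the reset.
// if ($action === 'reset') { opcache_reset(); }

if ($action === 'reset') {
    if (!is_valid_state_change($_SERVER, $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    if (function_exists('opcache_reset')) {
        opcache_reset();
    }
    header('Location: ?page=showinfo', true, 302); // assumed overview page
    exit;
}
?>
<form method="post" action="?page=showinfo&amp;action=reset">
    <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES) ?>">
    <button type="submit">Reset OPCache</button>
</form>
```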
