The GraphQL controller lacked any CSRF protection, so an authenticated user could be forced or tricked into visiting a URL that sends a GET request to the affected web server, and that request could mutate or destroy data without the user knowing.
github.com/FriendsOfPHP/security-advisories/blob/master/silverstripe/graphql/SS-2018-007-1.yaml
github.com/silverstripe/silverstripe-graphql
github.com/silverstripe/silverstripe-graphql/commit/b59ba397ff42d8934bd2d9c932514f898c327f64
www.silverstripe.org/download/security-releases/ss-2018-007