Lucene search
Csrf-magic Security Vulnerabilities
cve
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not...
8.8CVSS
8.7AI Score
0.002EPSS
2018-08-08 12:29 AM
19