GHSA-HCFF-QV74-7HR4 Gokapi has CSRF in Login Endpoint
Summary The login flow accepts credential-bearing requests without CSRF protection mechanisms tied to the browser session context. The handler parses form values directly and creates a session on successful credential validation. Issue found by aisafe.io Impact An attacker can force a victim...