3 matches found
CVE-2018-6009
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity...
CVE-2018-6009
In Yii Framework 2.x prior to 2.0.14, the switchIdentity() function in yii\web\User.php did not regenerate the CSRF token on identity changes, potentially allowing CSRF token mismatch after login state changes. Public advisories confirm this Cross‑Site Request Forgery risk. remediation: upgrade t...
CVE-2018-6009
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity...