CVE-2013-7464
The CVE-2013-7464 issue affects csrf-magic prior to 1.0.4. If $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token is predictable because an automatically generated secret is not used, allowing CSRF protection bypass. Documents indicate the vulnerability path is within csrf-magic’s t...