Veracode Vulnerability Database, VERACODE:47261
May 30, 2024 - 6:04 a.m.

Cross-site Request Forgery (CSRF)

2024-05-30 06:04:15
sca.analysiscenter.veracode.com
cross-site request forgery
csrf
sylius/admin-bundle
vulnerability
administrative actions
unauthorized actions

AI Score: 7.1 High (Confidence: Low)

sylius/admin-bundle is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to the absence of a CSRF token requirement in several administrative actions, such as marking order payments as completed or refunded, and marking product reviews as accepted or rejected. This flaw allows attackers to perform unauthorized actions on behalf of authenticated users.
