CVE-2013-7464

In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:csrf-magic_project:csrf-magic:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-08-08 00:29

Updated : 2024-02-28 16:48


NVD link : CVE-2013-7464

Mitre link : CVE-2013-7464

CVE.ORG link : CVE-2013-7464


JSON object : View

Products Affected

csrf-magic_project

  • csrf-magic
CWE
CWE-352

Cross-Site Request Forgery (CSRF)