Filtered by vendor Csrf-magic Project
Subscribe
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-7464 | 1 Csrf-magic Project | 1 Csrf-magic | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. |