ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-7464 | 6.8 |
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.
|
09-10-2018 - 13:48 | 08-08-2018 - 00:29 |