IDCVSSSummaryLast (major) updatePublished
CVE-2013-7464 6.8
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.
09-10-2018 - 13:48 08-08-2018 - 00:29
Back to Top Mark selected
Back to Top