← voltar
CVE-2013-7464

CVE-2013-7464

EPSS 0.8%
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://csrf.htmlpurifier.org/news/2013/0717-1.0.4-releasedhttp://repo.or.cz/csrf-magic.git/blob/HEAD:/NEWS.txthttp://repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11