Csrf-Magic Project: >> Csrf-Magic Security Vulnerabilities
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-08-08