RSS   Vulnerabilities for 'Csrf magic'   RSS

2019-11-26
 
CVE-2019-17590

CWE-352
 

 
The csrf_callback function in the CSRF Magic library through 2016-03-27 is vulnerable to CSRF protection bypass as it allows one to tamper with the csrf token values. A remote attacker can exploit this by crafting a malicious page and dispersing it to a victim via social engineering, enticing them to click the link. Once the user/victim clicks the "try again" button, the attacker can take over the account and perform unintended actions on the victim's behalf.

 


Copyright 2024, cxsecurity.com

 

Back to Top