silverstripe/graphql Cross-Site Request Forgery vulnerability
Discription
The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user…Read More
References
Back to Main