silverstripe/graphql Cross-Site Request Forgery vulnerability
Discription

The GraphQL controller lacked any CSRF protection, meaning authenticated users could be forced or tricked into visiting a URL that would send a GET request to the affected web server that could mutate or destroy data without the user…Read More

Back to Main

Subscribe for the latest news: