SYM_PHP_0045 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cross-Site Request Forgery (CSRF)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-352: Cross-Site Request Forgery (CSRF) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
CSRF protection is disabled in your Symfony form type or in the framework configuration. This leaves state-changing forms open to forged requests originating from other sites, allowing an attacker to perform actions on behalf of an authenticated user without that user's consent.
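The following is an added example, not code from the Symbiotic database or from Symfony itself. It shows the form-type setting this finding flags (`csrf_protection => false`) next to a hardened form type that keeps the token enabled and scoped, plus a controller action that validates the token manually for a state-changing request that does not go through the Form component. It assumes a Symfony 6.4+ application with `symfony/form` and `symfony/security-csrf` installed; the class names, route, and token ids are hypothetical.

```php
<?php
// Added example (not from the Symbiotic database or the Symfony project).
// Assumes a Symfony 6.4+ app with symfony/form and symfony/security-csrf.
// Class names, the route and the token ids are hypothetical.

namespace App\Form;

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\EmailType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;

// WEAK: the option SYM_PHP_0045 flags. With csrf_protection disabled, a POST
// from any origin that carries the victim's session cookie is accepted.
final class ChangeEmailTypeWeak extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options): void
    {
        $builder->add('email', EmailType::class);
    }

    public function configureOptions(OptionsResolver $resolver): void
    {
        $resolver->setDefaults([
            'csrf_protection' => false, // <-- the setting that triggers this finding
        ]);
    }
}

// HARDENED: keep protection on (Symfony's default) and scope the token to
// this form. The Form component then injects a hidden "_token" field and
// rejects submissions whose token does not match the session.
final class ChangeEmailType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options): void
    {
        $builder->add('email', EmailType::class);
    }

    public function configureOptions(OptionsResolver $resolver): void
    {
        $resolver->setDefaults([
            'csrf_protection' => true,
            'csrf_field_name' => '_token',
            'csrf_token_id'   => 'change_email', // unique intention per form
        ]);
    }
}

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;

// State-changing actions that bypass the Form component (plain POST buttons,
// delete links turned into forms) still need an explicit token check.
final class AccountController extends AbstractController
{
    #[Route('/account/delete', name: 'account_delete', methods: ['POST'])]
    public function delete(Request $request): Response
    {
        $token = (string) $request->request->get('_token', '');

        // isCsrfTokenValid() wraps the CsrfTokenManager; the id must match
        // the one used when rendering the token in the template:
        //   {{ csrf_token('delete_account') }}
        if (!$this->isCsrfTokenValid('delete_account', $token)) {
            throw $this->createAccessDeniedException('Invalid CSRF token.');
        }

        // ... perform the deletion for the authenticated user ...

        return $this->redirectToRoute('homepage');
    }
}
```

Two checks complete the fix: confirm `csrf_protection` is not set to `false` under the `framework` key in `config/packages/framework.yaml`, since that switch disables the token for every form at once, and grep form types and controllers for `'csrf_protection' => false` to make sure a per-form opt-out is deliberate (for example, an API endpoint authenticated by a bearer token rather than a cookie) instead of a leftover from development.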
Impact
If exploited, attackers could trick users into submitting unauthorized requests, such as changing account details or performing transactions. This can lead to data loss, account compromise, and unauthorized actions within your application, potentially impacting user trust and organizational security.