SYM_RB_0044 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cross-Site Request Forgery (CSRF)
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-352: Cross-Site Request Forgery (CSRF) |
OWASP | A01:2021 - Broken Access Control |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Disabling CSRF protection with `skip_forgery_protection` removes the safeguard against forged form submissions from malicious websites. This makes it easier for attackers to trick users into performing unwanted actions while they are logged in.
Impact
If exploited, attackers could force users to perform actions like changing account details or making transactions without their consent. This can lead to account compromise, data loss, or unauthorized access, potentially harming users and the organization.
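The controller pattern this rule flags beside its hardened form, as an added example that is not part of the database entry: it models the Rails authenticity-token check in plain Ruby so it runs without a Rails app, and the names `BaseController`, `dispatch`, `outcome` and the constructed session/params are assumptions.

```ruby
require "securerandom"
# Constant-time byte comparison so the token check does not leak timing information.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Stand-in for the slice of ActionController this rule is about (assumption: in real
# Rails the expected token lives in the session and the submitted copy arrives in the
# form's authenticity_token field or the X-CSRF-Token header).
class BaseController
  @forgery_protection = true

  class << self
    attr_reader :forgery_protection
    def inherited(subclass)
      super
      subclass.instance_variable_set(:@forgery_protection, true) # default: protected
    end

    def skip_forgery_protection # the call SYM_RB_0044 flags
      @forgery_protection = false
    end
  end

  # :ok means the state-changing action would run; :rejected means it was blocked.
  def self.dispatch(session, params)
    return :rejected if forgery_protection && !valid_authenticity_token?(session, params)
    :ok
  end

  def self.valid_authenticity_token?(session, params)
    expected, given = session[:csrf_token], params[:authenticity_token]
    !expected.nil? && !given.nil? && constant_time_equal?(expected, given)
  end
end

class UnsafeAccountsController < BaseController
  skip_forgery_protection # vulnerable: a cross-site POST carrying no token is accepted
end

class AccountsController < BaseController
  # hardened: keeps the inherited check, so a request without the session's token is rejected
end

# Constructed sample requests: a legitimate form submission carries the session token,
# a forged cross-site submission cannot (the attacker's page never sees it).
SESSION = { csrf_token: SecureRandom.hex(16) }.freeze
LEGIT   = { authenticity_token: SESSION[:csrf_token], email: "me@example.test" }.freeze
FORGED  = { email: "attacker@example.test" }.freeze
```

Running `AccountsController.dispatch(SESSION, FORGED)` returns `:rejected`, while the same forged request against `UnsafeAccountsController` returns `:ok`, which is exactly the gap the rule reports.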