CVE-2013-7464

Name of the Vulnerable Software and Affected Versions csrf-magic versions prior to 1.0.4

Description The issue allows an attacker to bypass CSRF protections due to a predictable Anti-CSRF Token. This predictability occurs when the $GLOBALS['csrf']['secret'] is not configured, resulting in the lack of use of an automatically generated secret.

Recommendations For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue. As a temporary workaround, consider configuring the $GLOBALS['csrf']['secret'] to prevent the use of a predictable token.