High severity8.8NVD Advisory· Published Aug 8, 2018· Updated Jun 17, 2026

CVE-2013-7464

Description

In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Ezyang/Csrf Magicinferred
Range: <1.0.4
Csrf Magic/csrf-magicllm-create
Range: <1.0.4

Patches

Vulnerability mechanics

References

repo.or.cz/csrf-magic.git/commit/9d2537f70d58b16aeba89779aaf1573b8d618e11nvdPatchThird Party Advisory
csrf.htmlpurifier.org/news/2013/0717-1.0.4-releasednvdRelease NotesVendor Advisory
repo.or.cz/csrf-magic.git/blob/HEAD:/NEWS.txtnvdRelease NotesThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000