Property
Language: generic
Severity: low
CWE: CWE-352: Cross-Site Request Forgery (CSRF)
OWASP: A01:2021 - Broken Access Control
Confidence Level: Low
Impact Level: Medium
Likelihood Level: Low

Description

A form in your Laravel Blade template is using a state-changing HTTP method (like POST, PUT, PATCH, or DELETE) but is missing Laravel’s CSRF protection (such as the @csrf directive or a CSRF token). This leaves the form vulnerable to unauthorized requests from malicious sites.
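
The condition described above can be checked mechanically. The following Python sketch is an added example, not this rule's own implementation; the function name, the regular expressions and the sample template are assumptions made for illustration. It treats `@csrf`, `csrf_field()` and a hidden `_token` input as acceptable token markers and flags only state-changing forms that have none of them.

```python
import re

# Opening <form> tag; skips over {{ ... }} so "->" inside a Blade echo does not end the tag.
FORM_RE = re.compile(
    r"<form\b(?P<attrs>(?:\{\{.*?\}\}|[^>])*)>(?P<body>.*?)</form>", re.I | re.S)
METHOD_RE = re.compile(r"""(?<![-\w])method\s*=\s*["']?\s*(\w+)""", re.I)
# Ways a Blade form carries the token: @csrf, csrf_field(), or a hidden _token input.
TOKEN_RE = re.compile(r"""@csrf\b|csrf_field\s*\(|name\s*=\s*["']_token["']""", re.I)
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample template (not taken from any real project).
SAMPLE = """\
<form action="/search" method="GET">
    <input name="q">
</form>
<form action="{{ route('profile.update', $user->id) }}" method="POST">
    @method('PUT')
    <input name="email">
</form>
<form action="/posts" method="POST">
    @csrf
    <input name="title">
</form>
<form action="/logout" method="post">
    <input type="hidden" name="_token" value="{{ csrf_token() }}">
</form>
"""


def forms_missing_csrf(template):
    """Return 1-based line numbers of state-changing forms with no CSRF token."""
    findings = []
    for m in FORM_RE.finditer(template):
        method = METHOD_RE.search(m.group("attrs"))
        verb = method.group(1).upper() if method else "GET"  # HTML default is GET
        if verb in STATE_CHANGING and not TOKEN_RE.search(m.group("body")):
            findings.append(template.count("\n", 0, m.start()) + 1)
    return findings


if __name__ == "__main__":
    for line in forms_missing_csrf(SAMPLE):
        print(f"line {line}: state-changing form without CSRF token")
```

Only the second form in the sample is reported; adding `@csrf` inside it clears the finding, while the GET search form is never flagged.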

Impact

If exploited, an attacker could trick users into submitting unwanted requests to your application, potentially changing data or performing actions on their behalf without their consent. This could lead to unauthorized modifications, data loss, or compromise of sensitive user information.