Cross-Site Request Forgery (CSRF)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-352: Cross-Site Request Forgery (CSRF) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
CSRF protection is disabled in your Symfony form or framework configuration. This leaves forms vulnerable to malicious requests from other sites, allowing attackers to perform actions on behalf of users without their consent.
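The setting this rule looks for, shown beside its corrected form. This is an added example written for this page, not code from the rule's author or from Symfony itself; the class names `TaskType`, `TaskTypeWithoutCsrf`, `Task` and `TaskController` and the token id `task_item` are assumed application names. The options (`csrf_protection`, `csrf_field_name`, `csrf_token_id`), the `AbstractController::isCsrfTokenValid()` helper and the `framework.csrf_protection` key are real Symfony APIs.

```php
<?php
// Added example (not part of the rule page). Two application files are shown
// together for readability; in a real project each class lives in its own file.

namespace App\Form;

use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;

// WEAK: this form type turns off the hidden CSRF token field, so any site that
// can make a victim's browser POST to the form's action can submit it.
// The framework-wide equivalent is `framework: { csrf_protection: false }`
// in config/packages/framework.yaml, which disables the token for every form.
final class TaskTypeWithoutCsrf extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options): void
    {
        $builder->add('title')->add('save', SubmitType::class);
    }

    public function configureOptions(OptionsResolver $resolver): void
    {
        $resolver->setDefaults([
            'csrf_protection' => false, // the setting this rule flags
        ]);
    }
}

// CORRECTED: keep CSRF protection on (true is the default, stated here so the
// intent survives a later refactor) and give the form its own token id so a
// token issued for one form cannot be replayed against another.
final class TaskType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options): void
    {
        $builder->add('title')->add('save', SubmitType::class);
    }

    public function configureOptions(OptionsResolver $resolver): void
    {
        $resolver->setDefaults([
            'csrf_protection' => true,
            'csrf_field_name' => '_token',
            'csrf_token_id'   => 'task_item', // assumed, application-specific id
        ]);
    }
}

namespace App\Controller;

use App\Entity\Task; // assumed entity class
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

// State-changing actions that are not built with the Form component (for
// example a plain <form method="post"> delete button in Twig) get no automatic
// token check, so they must verify the token explicitly. The matching Twig
// field is: <input type="hidden" name="_token" value="{{ csrf_token('delete' ~ task.id) }}">
final class TaskController extends AbstractController
{
    public function delete(Request $request, Task $task): Response
    {
        $submitted = (string) $request->request->get('_token', '');

        // Token id is bound to the specific task, so the check fails both when
        // the token is missing (cross-site POST) and when it was issued for a
        // different item.
        if (!$this->isCsrfTokenValid('delete' . $task->getId(), $submitted)) {
            return new Response('Invalid CSRF token', Response::HTTP_FORBIDDEN);
        }

        // ... remove the task ...
        return $this->redirectToRoute('task_index'); // assumed route name
    }
}
```

Rendering `TaskType` with `{{ form_start(form) }}` / `{{ form_end(form) }}` emits the hidden `_token` field automatically, and `$form->handleRequest($request)` rejects a submission whose token is missing or wrong, so nothing beyond leaving the option at its default is needed for forms built with the component. Grepping the configuration and `src/Form` for `csrf_protection` set to `false` is the quickest way to confirm a deployment is clear of this rule.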
Impact
If exploited, attackers could trick users into submitting unauthorized requests, such as changing account details or performing transactions. This can lead to data loss, account compromise, and unauthorized actions within your application, potentially impacting user trust and organizational security.