This page collects WhisperX intelligence signals tagged #CSRF vulnerability. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A security vulnerability has been identified in multiple state-mutating REST API endpoints under `/api/v1/`, where Cross-Site Request Forgery (CSRF) token validation is not enforced when the default configuration `WTF_CSRF_ENABLED` is set to `False`. The flaw affects administrative functions including dashboard saves, ...
A security analysis of the PHP file web/controle/VoluntarioControle.php has uncovered potential vulnerabilities that could expose volunteer management systems to exploitation. The most critical finding points to SQL injection risks, with no evidence of parameterized queries in the codebase—a gap that could allow attack...