CSRF Token Regeneration Vulnerability in Yii Framework 2.x before 2.0.14

CVE-2018-6009 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
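
The behaviour described above, modelled as an added stand-alone PHP 8 example rather than Yii's own code: a CSRF token issued before the identity change is still the session's token afterwards unless the switch regenerates it. Session, UserComponent, tokenSurvivesSwitch and the user id are hypothetical names and constructed values.

```php
<?php
// Added illustration: a minimal stand-alone model, not Yii's source code.
// Session, UserComponent and tokenSurvivesSwitch are hypothetical names.

final class Session
{
    /** @var array<string,string> constructed in-memory session store */
    public array $data = [];

    // Returns the session's CSRF token, creating or replacing it on demand.
    public function csrfToken(bool $regenerate = false): string
    {
        if ($regenerate || !isset($this->data['csrf'])) {
            $this->data['csrf'] = bin2hex(random_bytes(32));
        }
        return $this->data['csrf'];
    }
}

final class UserComponent
{
    public function __construct(
        private Session $session,
        private bool $regenerateOnSwitch // false models the pre-fix behaviour
    ) {}

    public function switchIdentity(?string $userId): void
    {
        if ($userId === null) {
            unset($this->session->data['uid']);
        } else {
            $this->session->data['uid'] = $userId;
        }
        if ($this->regenerateOnSwitch) {
            // Hardened behaviour: the old token is retired with the old identity.
            $this->session->csrfToken(true);
        }
    }
}

// True when the token held before the identity change is still current after it.
function tokenSurvivesSwitch(bool $regenerateOnSwitch): bool
{
    $session = new Session();
    $user = new UserComponent($session, $regenerateOnSwitch);
    $before = $session->csrfToken();   // token issued to the anonymous visitor
    $user->switchIdentity('alice');    // constructed user id
    return hash_equals($before, $session->csrfToken());
}

var_dump(tokenSurvivesSwitch(false)); // model of the behaviour before the fix
var_dump(tokenSurvivesSwitch(true));  // model of the behaviour after the fix
```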
