CSRF Token Regeneration Vulnerability in Yii Framework 2.x before 2.0.14
CVE-2018-6009 · MEDIUM Severity
CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.
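The failure mode described above, modelled as an added example (not code from Yii or from this advisory): a CSRF token issued before an identity change stays valid afterwards unless the switch regenerates it. `SessionUser`, `staleTokenAccepted` and the identity id are hypothetical names, and the in-memory array stands in for a real session.

```php
<?php
// Added illustration: a minimal stand-in for a session-backed user component.
// Class and method names are hypothetical; this is not Yii's web/User.php.
final class SessionUser
{
    private array $session = []; // constructed in-memory session store

    public function __construct(private bool $regenerateOnSwitch) {}

    /** Return the session's CSRF token, creating or replacing it on demand. */
    public function csrfToken(bool $regenerate = false): string
    {
        if ($regenerate || !isset($this->session['csrf'])) {
            $this->session['csrf'] = bin2hex(random_bytes(32));
        }
        return $this->session['csrf'];
    }

    /** Change the authenticated identity (login, logout or account switch). */
    public function switchIdentity(?string $identityId): void
    {
        $this->session['id'] = $identityId; // null models logout
        if ($this->regenerateOnSwitch) {
            // A token issued to the previous identity must not survive the change.
            $this->csrfToken(true);
        }
    }

    /** Constant-time comparison of a submitted token with the session token. */
    public function validateCsrf(string $submitted): bool
    {
        return isset($this->session['csrf'])
            && hash_equals($this->session['csrf'], $submitted);
    }
}

/** True when a token issued before the identity change is still accepted after it. */
function staleTokenAccepted(bool $regenerateOnSwitch): bool
{
    $user = new SessionUser($regenerateOnSwitch);
    $before = $user->csrfToken();      // token issued to the anonymous session
    $user->switchIdentity('user-42');  // constructed identity id
    return $user->validateCsrf($before);
}

var_dump(staleTokenAccepted(false)); // no regeneration, as described in the advisory
var_dump(staleTokenAccepted(true));  // token regenerated on identity change
```

The same before/after comparison works as a regression check against a real application: record the token before login, authenticate, and confirm the old token is rejected.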