    Laravel-csrf-not-verified

    Laravel csrf not verified

    The application appears to have disabled the CSRF token verification middleware, which can lead to a Cross-Site Request Forgery (CSRF) vulnerability. If the application uses cookie-based authentication, an attacker can trick users into sending authenticated HTTP requests without their knowledge from any arbitrary domain they visit, because the browser attaches the session cookie automatically. You can prevent this vulnerability by enforcing the use and verification of the CSRF tokens associated with user requests. To enable the CSRF token verification middleware, add $APP\Http\Middleware\VerifyCsrfToken to the middleware group in your $APP\Http\Kernel class.
    Likelihood: LOW
    Confidence: MEDIUM
    CWE:
    - CWE-352: Cross-Site Request Forgery (CSRF)
    OWASP:
    - A01:2021 - Broken Access Control
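
The following is an added example, not code from the page or from the Laravel project. It shows the Kernel registration the rule asks for, alongside a simplified stand-alone model of the check that Laravel's VerifyCsrfToken middleware performs (session token compared against the `_token` form field or the `X-CSRF-TOKEN` header with a constant-time comparison). The `CsrfCheck` class, its method names and the sample requests are this example's own constructions; the middleware group and class names in the comment are the standard Laravel skeleton.

```php
<?php
// Added example (not the page's or Laravel's own code).

// (1) Registration in app/Http/Kernel.php. The 'web' group is the standard
//     Laravel skeleton; the rule fires when the VerifyCsrfToken entry is absent.
//
//   protected $middlewareGroups = [
//       'web' => [
//           \App\Http\Middleware\EncryptCookies::class,
//           \Illuminate\Session\Middleware\StartSession::class,
//           // \App\Http\Middleware\VerifyCsrfToken::class,   // VULNERABLE: verification disabled
//           \App\Http\Middleware\VerifyCsrfToken::class,      // FIXED: verification enforced
//       ],
//   ];

// (2) Simplified model of what the middleware checks (hypothetical class,
//     not Laravel's API), runnable with the php CLI.
final class CsrfCheck
{
    // Methods that must not change state and therefore need no token.
    private const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS'];

    public static function tokenFromRequest(array $post, array $headers): ?string
    {
        // Laravel reads the token from the _token field or the X-CSRF-TOKEN header.
        return $post['_token'] ?? $headers['X-CSRF-TOKEN'] ?? null;
    }

    public static function passes(string $method, string $sessionToken, array $post, array $headers): bool
    {
        if (in_array(strtoupper($method), self::SAFE_METHODS, true)) {
            return true;
        }
        $token = self::tokenFromRequest($post, $headers);
        // hash_equals avoids leaking the token through timing differences.
        return is_string($token) && hash_equals($sessionToken, $token);
    }
}

// Constructed sample data: the token stored in the user's session.
$sessionToken = bin2hex(random_bytes(20));

// Legitimate same-site form submission: the page rendered the hidden _token field.
$legit = CsrfCheck::passes(
    'POST',
    $sessionToken,
    ['_token' => $sessionToken, 'email' => 'user@example.com'],
    []
);

// Cross-site request: the session cookie travels automatically, but the
// submitting page cannot read the token, so the field is missing.
$forged = CsrfCheck::passes(
    'POST',
    $sessionToken,
    ['email' => 'changed@example.com'],
    []
);

echo 'legitimate request accepted: ', var_export($legit, true), PHP_EOL;
echo 'cross-site request accepted: ', var_export($forged, true), PHP_EOL;
```

With the middleware registered, the second request is rejected with an HTTP 419 response in Laravel; with it removed from the group, the same request would reach the controller and be executed under the victim's session.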
