Laravel-csrf-not-verified
The application appears to have disabled the CSRF token verification middleware, which can lead to a cross-site request forgery (CSRF) vulnerability. If the application uses cookie-based authentication, an attacker can trick users into sending authenticated HTTP requests without their knowledge from any arbitrary domain they visit. You can prevent this vulnerability by enforcing usage and verification of the CSRF tokens associated with user requests. To enable the CSRF token verification middleware, add $APP\Http\Middleware\VerifyCsrfToken to the middleware group in your $APP\Http\Kernel class.
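The fix described above, shown as an added example that is not part of the original rule page or the project's own code. It assumes $APP is the default App namespace and the stock app/Http/Kernel.php layout with a 'web' middleware group; the comment marks the entry whose absence counts as the disabled state.

```php
<?php
// app/Http/Kernel.php
// Assumption: $APP from the rule text resolves to the default "App" namespace.

namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel
{
    /**
     * Route middleware groups. Routes in routes/web.php run through 'web',
     * which is where cookie-based sessions (and so CSRF exposure) live.
     */
    protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,

            // Disabled state (what this rule reports): the next entry is
            // removed or commented out, so state-changing requests are
            // accepted without a valid token:
            //     // \App\Http\Middleware\VerifyCsrfToken::class,
            //
            // Fixed state: the middleware is registered in the group, after
            // StartSession so the session token is available to compare.
            \App\Http\Middleware\VerifyCsrfToken::class,

            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],
    ];
}
```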
Likelihood: LOW
Confidence: MEDIUM
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A01:2021 - Broken Access Control