In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed malicious users to send a POST request without a valid CSRF token and be accepted by the server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mirumee saleor 2.7.0 |