2018-01-22 22:00:00
mitre
PUBLISHED
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity.