Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.
CPE | Name | Operator | Version |
---|---|---|---|
chyrp-lite | eq | 2016.02 | |
chyrp-lite | eq | 2016.01 | |
chyrp-lite | eq | 2015.07 | |
chyrp-lite | eq | 2016.04 | |
chyrp-lite | eq | 2016.03 | |
chyrp-lite | eq | 2015.06 |