4 matches found
JForum login.page adminUsers模块iyonghu权限跨站请求伪造漏洞
CVE ID:CVE-2013-7209 JForum是采用Java开发的功能强大且稳定的论坛系统。 JForum login.page中的adminUsers模块不正确保护跨站请求伪造攻击,允许远程攻击者利用漏洞构建恶意URI,诱使用户解析,可以目标用户上下文执行恶意操作。 0 JForum 目前没有详细解决方案提供: http://jforum.net/...
CVE-2012-4324
Cross-site request forgery CSRF vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php...
CVE-2012-4324
Cross-site request forgery CSRF vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php...
CVE-2012-4324
CVE-2012-4324: CSRF in PHPJabbers Vacation Rental Script permits remote attackers to hijack administrator authentication by issuing requests that trigger adding admin accounts via the AdminUsers create action on index.php. The vulnerability detail explicitly identifies the affected software and t...