CVE-2007-3688
The vulnerability described across sources concerns DotClear 1.2.6, where multiple cross-site request forgery (CSRF) flaws allow remote attackers to perform actions as arbitrary users. The entry specifies exploitation via the tool_url parameter to ecrire/tools.php and through several fields on pa...