2 matches found
CVE-2007-5109
Cross-site request forgery CSRF vulnerability in index.php in FlatNuke 2.6, and possibly 3, allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified 1 regpass and 2 level parameters in a noneLogin action, as demonstrated by using...
CVE-2007-5109
Cross-site request forgery (CSRF) in index.php of FlatNuke 2.6 (and possibly 3) allows remote attackers to change user password and privilege level by manipulating the user, regpass, and level parameters in a none_Login action, demonstrated via a Flash object. No explicit remediation is provided ...