2 matches found
CVE-2010-2294
CVE-2010-2294 affects Plume CMS 1.2.4 (and possibly earlier). The vulnerability is a Cross-Site Request Forgery that allows an attacker to hijack the administrator’s session and perform password-change requests, enabling unauthorized admin credential changes via unspecified vectors. The connected...
CVE-2010-2294
Cross-site request forgery CSRF vulnerability in Plume CMS 1.2.4 and possibly earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors...