CVE-2010-3024
CVE-2010-3024 affects DiamondList 0.1.6 (and possibly earlier) with a CSRF vulnerability in the admin-facing path user/main/update_user. This allows a remote attacker to hijack administrator authentication and perform actions such as (1) changing the admin password or (2) changing site configurat...