2 matches found
CVE-2011-0503
Cross-site request forgery CSRF vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that 1 change user status via admin/customers.php or 2 change user permissions via admin/accounting.php. NOTE: so...
CVE-2011-0503
CVE-2011-0503 is a CSRF in VaM Shop (versions 1.6, 1.6.1 and likely earlier) where requests from an authenticated admin could change user status (admin/customers.php) or modify user permissions (admin/accounting.php). The root cause is insufficient validation of the request origin in several admi...