2 matches found
CVE-2013-7376
Multiple cross-site request forgery CSRF vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to 1 plugin-preferences.php...
CVE-2013-7376
OpenX 2.8.10 (possibly before revision 82710) contains CSRF vulnerabilities that can hijack administrator authentication. The issue is demonstrated via requests that perform directory traversal through the group parameter to www/admin/plugin-preferences.php or www/admin/plugin-settings.php. The c...