2 matches found
CVE-2016-10206
Cross-site request forgery CSRF vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php...
CVE-2016-10206
CVE-2016-10206 is a CSRF vulnerability in ZoneMinder v1.30 and earlier that allows remote attackers to hijack user authentication via crafted requests to index.php (e.g., changing passwords). The Mageia advisory notes mitigations (ENABLE_CSRF_MAGIC) and updated configurations; no explicit exploit...