3 matches found
CVE-2022-41929
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched ...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: so...
CVE-2011-0503
Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: so...