CVE-2010-4729

Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*
cpe:2.3:a:zikula:zikula_application_framework:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:zikula:zikula_application_framework:1.2.1:*:*:*:*:*:*:*

Information

Published : 2011-02-08 14:00

Updated : 2011-02-13 21:00


NVD link : CVE-2010-4729

Mitre link : CVE-2010-4729


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

zikula

  • zikula_application_framework