Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action.
References
Configurations
Information
Published : 2013-12-30 07:30
Updated : 2013-12-31 07:19
NVD link : CVE-2013-7209
Mitre link : CVE-2013-7209
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
jforum
- jforum