Secunia
Login
|
|
|
|
|
|
|
|
|
Limny Cross-Site Request Forgery Vulnerability
Release Date: 2010-02-17 Last Update: 2010-03-18 Views: 2,056
Secunia Advisory SA38616
Where:
From remote
Impact:
Cross Site Scripting,
Solution Status:
Vendor Patch
CVE Reference(s):
Description
A vulnerability has been discovered in Limny, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrative password or email address and add a new user by tricking an administrative user into visiting a malicious web site.
The vulnerability is confirmed in version 2.0. Other versions may also be affected.
Solution:
Update to version 2.01.
Provided and/or discovered by:
Luis Santana
Deep Links:
Links available to Secunia VIM customers
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Subject: Limny Cross-Site Request Forgery Vulnerability
|
No posts yet |
|
You must be logged in to post a comment. |
