Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2010-02-25T20:00:00Z
Updated: 2024-09-16T22:41:33.086Z
Reserved: 2010-02-25T00:00:00Z
Link: CVE-2010-0711
Vulnrichment
No data.
NVD
Status : Modified
Published: 2010-02-25T20:30:00.640
Modified: 2024-11-21T01:12:48.067
Link: CVE-2010-0711
Redhat
No data.