Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2012-06-27T22:00:00Z

Updated: 2024-09-16T20:38:08.725Z

Reserved: 2012-06-06T00:00:00Z

Link: CVE-2012-3231

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-06-27T22:55:01.677

Modified: 2024-11-21T01:40:29.137

Link: CVE-2012-3231

cve-icon Redhat

No data.