Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote attackers to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2012-06-27T22:00:00Z
Updated: 2024-09-16T20:38:08.725Z
Reserved: 2012-06-06T00:00:00Z
Link: CVE-2012-3231
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-06-27T22:55:01.677
Modified: 2024-11-21T01:40:29.137
Link: CVE-2012-3231
Redhat
No data.