Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 up to and including 3.2.6 allows remote malicious users to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpx phpx 3.2.4 |
||
phpx phpx 3.2.5 |
||
phpx phpx 3.1.0 |
||
phpx phpx 3.1.2 |
||
phpx phpx 3.0.4 |
||
phpx phpx 3.0.0 |
||
phpx phpx 3.1.4 |
||
phpx phpx 3.0.2 |
||
phpx phpx 3.0.1 |
||
phpx phpx 3.0.6 |
||
phpx phpx 3.2.0 |
||
phpx phpx 3.1.3 |
||
phpx phpx 3.2.2 |
||
phpx phpx 3.0.7 |
||
phpx phpx 3.1.1 |
||
phpx phpx 3.2.6 |
||
phpx phpx 3.2.3 |
||
phpx phpx 3.0.5 |
||
phpx phpx 3.2.1 |
||
phpx phpx 3.0.3 |