Cross-site request forgery (CSRF) vulnerability in the del_block function in modules/Admin/block.php in Nuked-Klan 1.7.5 and previous versions and 1.7 SP4.2 allows remote malicious users to delete arbitrary "blocks" via a link with a modified bid parameter in a del_block op on the block page in index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nuked-klan nuked-klan |
||
nuked-klan nuked-klan 1.7_sp4.2 |