Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE prior to 2.4, as used in Mambo 4.6.3 and previous versions, allows remote malicious users to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.
Vulnerable Product |
---|
mambo-foundation mambo |
mambo-foundation mambo 4.6.2 |
brilaps mostlyce |
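The description above concerns a forged cross-site POST that reuses an administrator's session cookie to reach the com_users save task. The standard mitigation is a per-session synchronizer token that the browser of a third-party site cannot read. The following is an added example of that check and is not MOStlyCE or Mambo code; the function names (`csrf_token_for_session`, `csrf_token_is_valid`, `handle_save_task`), the `csrf_token` field name and the form layout are assumptions chosen for illustration.

```php
<?php
// Added example, not Mambo/MOStlyCE code: a minimal synchronizer-token CSRF
// check in front of a state-changing admin action such as the com_users
// "save" task. Names below (csrf_token, handle_save_task, ...) are assumptions.

session_start();

// Issue one unguessable token per session and keep it server-side.
function csrf_token_for_session(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session copy. hash_equals() is a
// constant-time comparison; a missing or mismatched token fails closed.
function csrf_token_is_valid(?string $submitted): bool {
    if (!isset($_SESSION['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// The admin form carries the token in a hidden field. A page on another
// origin can make the browser send the session cookie, but it cannot read
// this value, so its forged POST arrives without a valid token.
function render_user_form(): string {
    $token = htmlspecialchars(csrf_token_for_session(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="index2.php?option=com_users&amp;task=save">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input name="username"> <input name="gid"> <button>Save</button>'
         . '</form>';
}

// Dispatcher for the save task: require POST and a valid token before any
// write to the user table happens.
function handle_save_task(array $post): string {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        return 'save requires POST';
    }
    if (!csrf_token_is_valid($post['csrf_token'] ?? null)) {
        http_response_code(403);
        return 'rejected: missing or invalid CSRF token';
    }
    // Persist the user record here (omitted in this example).
    return 'saved';
}

// Typical use inside the admin script:
//   echo render_user_form();            // when showing the form
//   echo handle_save_task($_POST);      // when task=save is requested
```

One caveat the entry itself points to: the demonstration chains the CSRF with a separate XSS in the bundled TinyMCE file manager connector. Script running on the administrator's own origin can read the hidden token and submit it, so the token check above does not substitute for fixing that XSS; both the token enforcement on state-changing tasks and the injection fix are needed.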