Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula prior to 1.2.5 allows remote malicious users to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zikula zikula application framework 1.2.1 |
||
zikula zikula application framework 1.1.2 |
||
zikula zikula application framework |
||
zikula zikula application framework 1.2.3 |
||
zikula zikula application framework 1.2.2 |