Multiple cross-site request forgery (CSRF) vulnerabilities in web@all 2.0, as downloaded before May 30, 2012, allow remote malicious users to hijack the authentication of administrators for requests that add, delete, or modify sensitive information, as demonstrated by adding a file to execute arbitrary code via a do_addfile action to inc/browser/action.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webatall web\\@all 2.0 |