Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt Media Car Portal 3.0 allow remote malicious users to hijack the authentication of administrators for requests that (1) change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; (2) create a user or (3) create a sub user via a sub_accounts action in the home module to USERS/index.php; or (4) change profile information via an edit action in the profile module to USERS/index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netartmedia car portal 3.0 |