In GNU Mailman prior to 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu mailman |
||
debian debian linux 9.0 |