BugTraq
Jportal 2.3.1 CSRF vulnerability Feb 11 2007 10:45PM
dzitu poczta fm
Type: CSRF Attack / Input Validation Error
Remote: Yes
Version: 2.3.1 (older versions are very possibly vulnerable too)
The problem is in admin/admin.adm.php:

function add_admin() {

global $name, $mail, $nick_, $action, $user_tbl, $access;
global $nick, $PHP_SELF, $_pass, $pass_, $acce, $op, $...
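
The excerpt is cut off before the function body, so the following is an added sketch, not JPortal code and not from the advisory's author, of the checks a state-changing admin handler such as add_admin() needs against CSRF: a per-session token compared in constant time, and input read from the POST body only. All function names, field names and sample values are hypothetical, and it assumes the `global` variables in the excerpt are filled from the request.

```php
<?php
declare(strict_types=1);
// Added example, not JPortal code: all names below are hypothetical.

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** True only for a POST that carries the session's token. */
function admin_request_allowed(string $method, array $post, array $session): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if ($method !== 'POST' || !is_string($expected) || $expected === '' || !is_string($supplied)) {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

/** Guarded add-admin handler: returns a status string instead of touching a database. */
function add_admin_guarded(string $method, array $post, array $session): string
{
    if (!admin_request_allowed($method, $post, $session)) {
        return 'rejected: missing or wrong CSRF token';
    }
    // Read fields from the POST body only, never from request-populated globals.
    $nick = is_string($post['nick'] ?? null) ? trim($post['nick']) : '';
    $mail = filter_var($post['mail'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($nick === '' || $mail === false) {
        return 'rejected: invalid input';
    }
    return "accepted: would add admin {$nick}";
}

// Constructed demo: the admin form embeds csrf_token($session) in a hidden field.
$session = [];                        // stands in for $_SESSION
$token   = csrf_token($session);
$fields  = ['nick' => 'newadmin', 'mail' => 'newadmin@example.org'];

echo add_admin_guarded('POST', $fields, $session), "\n";                            // cross-site request: no token
echo add_admin_guarded('POST', $fields + ['csrf_token' => $token], $session), "\n"; // genuine form submit
```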

Copyright 2010, SecurityFocus