CVE-2004-2364

Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.

Affected Software

Name	Vendor	Start Version	End Version
Phpx	Phpx	3.0.0 (including)	3.0.0 (including)
Phpx	Phpx	3.0.1 (including)	3.0.1 (including)
Phpx	Phpx	3.0.2 (including)	3.0.2 (including)
Phpx	Phpx	3.0.3 (including)	3.0.3 (including)
Phpx	Phpx	3.0.4 (including)	3.0.4 (including)
Phpx	Phpx	3.0.5 (including)	3.0.5 (including)
Phpx	Phpx	3.0.6 (including)	3.0.6 (including)
Phpx	Phpx	3.0.7 (including)	3.0.7 (including)
Phpx	Phpx	3.1.0 (including)	3.1.0 (including)
Phpx	Phpx	3.1.1 (including)	3.1.1 (including)
Phpx	Phpx	3.1.2 (including)	3.1.2 (including)
Phpx	Phpx	3.1.3 (including)	3.1.3 (including)
Phpx	Phpx	3.1.4 (including)	3.1.4 (including)
Phpx	Phpx	3.2.0 (including)	3.2.0 (including)
Phpx	Phpx	3.2.1 (including)	3.2.1 (including)
Phpx	Phpx	3.2.2 (including)	3.2.2 (including)
Phpx	Phpx	3.2.3 (including)	3.2.3 (including)
Phpx	Phpx	3.2.4 (including)	3.2.4 (including)
Phpx	Phpx	3.2.5 (including)	3.2.5 (including)
Phpx	Phpx	3.2.6 (including)	3.2.6 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2364
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References