CVE Vulnerabilities

CVE-2004-2364

Published: Dec 31, 2004 | Modified: Sep 05, 2008
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.

Affected Software

Name Vendor Start Version End Version
Phpx Phpx 3.0.0 (including) 3.0.0 (including)
Phpx Phpx 3.0.1 (including) 3.0.1 (including)
Phpx Phpx 3.0.2 (including) 3.0.2 (including)
Phpx Phpx 3.0.3 (including) 3.0.3 (including)
Phpx Phpx 3.0.4 (including) 3.0.4 (including)
Phpx Phpx 3.0.5 (including) 3.0.5 (including)
Phpx Phpx 3.0.6 (including) 3.0.6 (including)
Phpx Phpx 3.0.7 (including) 3.0.7 (including)
Phpx Phpx 3.1.0 (including) 3.1.0 (including)
Phpx Phpx 3.1.1 (including) 3.1.1 (including)
Phpx Phpx 3.1.2 (including) 3.1.2 (including)
Phpx Phpx 3.1.3 (including) 3.1.3 (including)
Phpx Phpx 3.1.4 (including) 3.1.4 (including)
Phpx Phpx 3.2.0 (including) 3.2.0 (including)
Phpx Phpx 3.2.1 (including) 3.2.1 (including)
Phpx Phpx 3.2.2 (including) 3.2.2 (including)
Phpx Phpx 3.2.3 (including) 3.2.3 (including)
Phpx Phpx 3.2.4 (including) 3.2.4 (including)
Phpx Phpx 3.2.5 (including) 3.2.5 (including)
Phpx Phpx 3.2.6 (including) 3.2.6 (including)

References