Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink 1.9.3 and earlier allow remote attackers to hijack the authentication of users for requests that add, delete, or modify sensitive information, as demonstrated by changing the administrator's email via an editUser action to lib/usermanagement/userInfo.php.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2012-09-15 17:55
Updated : 2024-02-28 12:00
NVD link : CVE-2012-2275
Mitre link : CVE-2012-2275
CVE.ORG link : CVE-2012-2275
JSON object : View
Products Affected
teamst
- testlink
CWE
CWE-352
Cross-Site Request Forgery (CSRF)