CVE-2004-2364

EPSS 10.7%

Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.

Affected products

n/a · n/a

public PoCs found — 6

exploitdbwww.exploit-db.com/exploits/24092unverified exploitdbwww.exploit-db.com/exploits/24091unverified exploitdbwww.exploit-db.com/exploits/24089unverified exploitdbwww.exploit-db.com/exploits/24088unverified exploitdbwww.exploit-db.com/exploits/24090unverified exploitdbwww.exploit-db.com/exploits/43812unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/11554 http://securitytracker.com/id?1010061 http://www.osvdb.org/5907 http://www.osvdb.org/5908 http://www.osvdb.org/5909 http://www.osvdb.org/5910 http://www.osvdb.org/5911 http://www.phpx.org/project.php?action=view&project_id=1 http://www.securityfocus.com/archive/1/362230 http://www.securityfocus.com/bid/10284