Description
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
Remediation
References