Description

Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/.

Remediation

References

CVE-2014-2916

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6699)

MediaWiki Other Vulnerability (CVE-2005-1888)

WordPress Plugin RegistrationMagic-User Registration with Custom Registration Forms Cross-Site Request Forgery (5.3.0.0)

OpenSSL Cryptographic Issues Vulnerability (CVE-2009-3555)

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-1402)

Severity

Medium

Classification

CVE-2014-2916 CWE-352

Tags

Missing Update Known Vulnerabilities