Security Advisory

CVE-2010-4729

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2011-02-08 21:00:00

Last updated 2024-09-16 19:25:01

Assigner mitre

State PUBLISHED

Description

Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.

← Browse all CVEs View on cve.org ↗