CVE-2010-0709

Name of the Vulnerable Software and Affected Versions Limny version 2.0

Description The issue allows remote attackers to hijack user or administrator authentication for specific requests. This can be done in two ways: (1) by changing the email address or password via the index.php endpoint, and (2) by creating a new user via the admin/modules/user/new action to limny/index.php.

Recommendations For Limny version 2.0, as a temporary workaround, consider restricting access to the index.php and limny/index.php endpoints to minimize the risk of exploitation. Additionally, restrict the admin/modules/user/new action to authorized administrators only until a patch is available.