CVE-2010-0992

Name of the Vulnerable Software and Affected Versions Pulse CMS Basic versions 1.2.2 through 1.2.3 Pulse Pro versions prior to 1.3.2

Description The issue allows remote attackers to hijack the authentication of users for requests that upload image files, delete image files, or create blocks due to multiple cross-site request forgery (CSRF) vulnerabilities.

Recommendations For Pulse CMS Basic versions 1.2.2 and 1.2.3, consider disabling the image upload and block creation features until a patch is available. For Pulse Pro versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, restrict access to the image deletion and block creation API endpoints to minimize the risk of exploitation.