CVE-2011-0642

Name of the Vulnerable Software and Affected Versions N-13 News versions 3.4 through 4.0

Description A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack administrator authentication for creating new users via the options action in the news/admin.php file.

Recommendations For versions 3.4 through 4.0, as a temporary workaround, consider restricting access to the news/admin.php file to minimize the risk of exploitation. Avoid using the options action in this file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.