CVE-2012-5326

Name of the Vulnerable Software and Affected Versions IDevSpot iSupport versions 1.x

Description A cross-site request forgery issue allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via an administrators action. This occurs in the admin/function.php file.

Recommendations For IDevSpot iSupport versions 1.x, consider disabling the administrators action in the admin/function.php file until a patch is available to prevent exploitation. Restrict access to the admin/function.php file to minimize the risk of unauthorized administrator account additions.