CVE-2014-8953

Name of the Vulnerable Software and Affected Versions Php Scriptlerim Who's Who script (affected versions not specified)

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators. The attack can be performed by sending a request to various API endpoints, including "filepath/yonetim/plugin/adminsave.php" to add an admin account, "ayarsave.php", "uyesave.php", "slaytadd.php", or "slaytsave.php" for unspecified impact.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.