CVE-2004-2364

Name of the Vulnerable Software and Affected Versions: PHPX versions 3.0 through 3.2.6

Description: A cross-site request forgery (CSRF) issue allows remote attackers to execute arbitrary commands via specific URLs that are automatically executed on behalf of the administrator. The affected URLs include "admin/page.php", "admin/news.php", "admin/user.php", "admin/images.php", and "admin/forums.php".

Recommendations: For PHPX versions 3.0 through 3.2.6, consider disabling access to the affected URLs, such as "admin/page.php", "admin/news.php", "admin/user.php", "admin/images.php", and "admin/forums.php", until a patch is available. Restrict access to these URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.