CVE-2006-3479

Name of the Vulnerable Software and Affected Versions Nuked-Klan versions 1.7.5 and earlier Nuked-Klan version 1.7 SP4.2

Description A cross-site request forgery (CSRF) issue exists in the del block function, allowing remote attackers to delete arbitrary blocks. This is achieved by modifying the bid parameter in a del block operation on the block page in index.php.

Recommendations For Nuked-Klan versions 1.7.5 and earlier, restrict access to the del block function in modules/Admin/block.php to prevent unauthorized deletion of blocks. For Nuked-Klan version 1.7 SP4.2, consider disabling the del block function until a fix is available to prevent exploitation.