PT-2006-5369 · Unknown · Address Book

Published 2006-12-31 · Updated 2017-07-20 · CVE-2006-4582

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

The Address Book version 1.04e

Description

A cross-site request forgery issue allows remote attackers to perform unauthorized actions as other users. This can be achieved by manipulating the id parameter in a deleteuser action within the users.php file, potentially leading to the deletion of arbitrary users.

Recommendations

For version 1.04e, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent unauthorized actions. As a temporary workaround, restrict access to the users.php file and the deleteuser action to minimize the risk of exploitation. Avoid using the id parameter in the deleteuser action until the issue is resolved.
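As an added illustration of the token-based validation recommended above (example code, not from the Address Book project), the sketch below guards a deleteuser handler in a hypothetical users.php with a session-bound CSRF token and accepts the action only over POST. Function and field names (csrf_token, csrf_check, render_delete_form, the csrf_token form field) are assumptions; it needs PHP 7 or later for random_bytes.

```php
<?php
// Added example, not the Address Book project's code. Demonstrates a per-session
// CSRF token protecting a hypothetical users.php "deleteuser" action.
session_start();

// Issue one random token per session; embed it in every state-changing form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session token in constant time.
function csrf_check(?string $submitted): bool {
    return isset($_SESSION['csrf_token'], $submitted)
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// The delete form: POST only, carrying the token as a hidden field.
function render_delete_form(int $id): string {
    return '<form method="post" action="users.php">'
         . '<input type="hidden" name="action" value="deleteuser">'
         . '<input type="hidden" name="id" value="' . $id . '">'
         . '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars(csrf_token(), ENT_QUOTES) . '">'
         . '<button type="submit">Delete user</button></form>';
}

// Handler: a request forged from another origin carries no valid session token and is refused.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['action'] ?? '') === 'deleteuser') {
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Invalid id');
    }
    // delete_user($id) would run here, after checking the caller is authorised to manage users.
}
```

Rejecting GET for the action matters as much as the token: a cross-site image tag or link can trigger a GET, but cannot read the victim's session token to include it.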


Related identifiers

CVE-2006-4582

Affected products

Address Book