PT-2009-5812 · Cmsphp · Cmsphp

Published: 2009-10-01 · Updated: 2024-02-08 · CVE-2009-3520

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: CMSphp version 0.21

Description: A cross-site request forgery (CSRF) issue exists in the "Your account" module, allowing remote attackers to hijack administrator authentication for requests that change an administrator's password. This is achieved via the pseudo, pwd, and uid parameters in an "admin info user verif" action.

Recommendations: For CMSphp version 0.21, as a temporary workaround, consider restricting access to the "Your account" module until a patch is available. Avoid using the pseudo, pwd, and uid parameters in the affected "admin info user verif" action to minimize the risk of exploitation.

Weakness Enumeration: CSRF

Related Identifiers: CVE-2009-3520

Affected Products: Cmsphp