CVE-2010-2111

Name of the Vulnerable Software and Affected Versions Pacific Timesheet version 6.74 build 363

Description A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack administrator authentication for requests that create new administrators via a new admin action. This occurs in the user/user-set.do endpoint.

Recommendations For Pacific Timesheet version 6.74 build 363, consider disabling the new admin action in the user/user-set.do endpoint as a temporary workaround until a patch is available. Restrict access to the user/user-set.do endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.