CVE-2010-3026

Name of the Vulnerable Software and Affected Versions Tomaz Muraus Open Blog versions 1.2.1 and earlier

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests to "admin/users/edit" that grant administrative privileges. This occurs due to a vulnerability in the application/modules/admin/controllers/users.php file.

Recommendations For Tomaz Muraus Open Blog versions 1.2.1 and earlier, as a temporary workaround, consider restricting access to the "admin/users/edit" endpoint until a patch is available. Additionally, avoid using the administrative privileges grant functionality in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.