CVE-2010-3464

Name of the Vulnerable Software and Affected Versions SantaFox versions 2.02 and possibly earlier

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests. This can be demonstrated by adding administrative users via the "save admin" action to "admin/index.php".

Recommendations For versions 2.02 and possibly earlier, as a temporary workaround, consider restricting access to the "admin/manager users.class.php" file and the "save admin" action in "admin/index.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.