CVE-2011-5316

Name of the Vulnerable Software and Affected Versions Cambio version 0.5a nightly r37

Description A cross-site request forgery issue exists, allowing remote attackers to hijack administrator authentication for requests that modify credentials via a user save action. This occurs in the admin/index.php file.

Recommendations For version 0.5a nightly r37, as a temporary workaround, consider restricting access to the admin/index.php file until a patch is available. Avoid using the user save action in this file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.