CVE-2022-26173

Name of the Vulnerable Software and Affected Versions JForum version 2.8.0

Description The issue allows attackers to perform a Cross-Site Request Forgery (CSRF) attack via the "http://target host:port/jforum-2.8.0/jforum.page" endpoint, enabling them to arbitrarily add admin accounts.

Recommendations For JForum version 2.8.0, consider restricting access to the "http://target host:port/jforum-2.8.0/jforum.page" endpoint to minimize the risk of exploitation. As a temporary workaround, review and limit the creation of new admin accounts until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.