Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Mailman Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-6893)

Description

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.

Remediation

References

Related Vulnerabilities

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-15695)

PHP Use After Free Vulnerability (CVE-2021-21708)

WordPress Plugin WP-Polls Cross-Site Scripting (2.60)

b2evolution URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-22840)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9700)

Severity

High

Classification

CVE-2016-6893 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities