Description

Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests that delete accounts, a different vulnerability than CVE-2013-0135.1.

Remediation

References

CVE-2013-2778

Related Vulnerabilities

Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1336)

WordPress Plugin InfiniteWP Client PHP Object Injection (1.6.0)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.3.5)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28980)

WordPress Plugin HashThemes Demo Importer Security Bypass (1.1.1)

Severity

High

Classification

CVE-2013-2778 CWE-352

Tags

Missing Update Known Vulnerabilities