Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Other Vulnerability (CVE-2005-1344)
WordPress Plugin Mailing List 'dl.php' Arbitrary File Download (1.4.1)
WordPress Plugin ZeenShare Cross-Site Scripting (1.0.1)
Oracle Application Server CVE-2006-0285 Vulnerability (CVE-2006-0285)
Django Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-31542)