Description

Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.

Remediation

References

CVE-2010-4729

Related Vulnerabilities

MySQL CVE-2014-4238 Vulnerability (CVE-2014-4238)

GlassFish CVE-2017-10393 Vulnerability (CVE-2017-10393)

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4920)

Jenkins Incorrect Authorization Vulnerability (CVE-2021-21691)

MyBB Other Vulnerability (CVE-2010-4628)

Severity

Medium

Classification

CVE-2010-4729 CWE-352

Tags

Missing Update Known Vulnerabilities