Description
Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress File Upload Cross-Site Scripting (4.3.2)
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2025-62409)
ZenCart Improper Input Validation Vulnerability (CVE-2009-4321)
WordPress Plugin Custom Post View Generator Cross-Site Scripting (0.4.6)
WordPress Plugin Easy Modal Multiple SQL Injection Vulnerabilities (2.0.17)