Description
Cross-site request forgery (CSRF) vulnerability in the Users module in Zikula before 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change account privileges via an edit access_permissions action to index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Booking Calendar Contact Form Multiple Vulnerabilities (1.0.2)
TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-5743)
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2022-21663)
WordPress Plugin Relevanssi Premium-A Better Search Multiple Vulnerabilities (1.14.4)
PHP Resource Management Errors Vulnerability (CVE-2006-1549)