Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters.
CVSS 2.0
Severity: LOW
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dclassifieds | dclassifieds | 0.1 |