Date: Sun, 25 May 2014 14:56:08 +0300 From: Dolev Farhi <dolev@...nflare.org> To: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: CVE Request: userCake <= 2.0.2 CSRF vulnerability hi, I would like to request a CVE for the following issue: Date: 21.5.2014 Title: Cross-Site Request Forgery vulnerability in userCake Vendor: userCake.com - notified & confirmed homepage https://usercake.com Brief: A cross-site request forgery issue was found in the latest version of userCake 2.0.2, which most probably affects versions prior to the latest as well. userCake is an open source user management system. The vulnerability allows resetting a logged on admin account password via the passwordc and passwordcheck parameters in user_settings.php Full advisory and proof of concept can be found in this link: http://research.openflare.org/advisories/OF-2014-11/usercake_csrf.txt Can a CVE please be assigned? Tx
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ