CVE-2010-4750

Description

Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators.

Affected products

• blogcms / blog:cms4.2.1.e – 4.2.1.e

References

• EXPLOIThttp://www.exploit-db.com/exploits/15743
• MISChttp://blogcms.com/
• MISChttp://www.htbridge.ch/advisory/xsrf_csrf_in_blogcms.html
• MISChttp://securityreason.com/securityalert/8112
• EXPLOIThttp://packetstormsecurity.org/files/view/96731/blogcms-xsrfxss.txt