CSRF in joomla 1.0.11 stable version

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CSRF in joomla 1.0.11 stable version
From: vivek_infosec@xxxxxxxxx
Date: 3 Mar 2008 09:23:28 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Joomla(CMS) framework version 1.0.11 stable is susceptible to a CSRF attack 
which can compromise the super admin account and the whole application.
The CSRF attack can be performed on the framework to 
change the super admin account password because the change password 
functionality does not asks for the current password.

Other than this flaw there are multiple places where XSS have been identified.

Prev by Date: [DSECRG-08-017] Flyspray 0.9.9.4 Multiple Security Vulnerabilities
Next by Date: DDIVRT-2008-10 PacketTrap TFTP Directory Traversal Vulnerability
Previous by thread: [DSECRG-08-017] Flyspray 0.9.9.4 Multiple Security Vulnerabilities
Next by thread: Re: CSRF in joomla 1.0.11 stable version
Index(es):
- Date
- Thread