CVE-2004-2364 Information

Description

Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator as demonstrated using (1) admin/page.php (2) admin/news.php (3) admin/user.php (4) admin/images.php (5) admin/page.php or (6) admin/forums.php.

Reference

http://secunia.com/advisories/11554 http://securitytracker.com/id?1010061 http://www.osvdb.org/5907 http://www.osvdb.org/5908 http://www.osvdb.org/5909 http://www.osvdb.org/5910 http://www.osvdb.org/5911 http://www.phpx.org/project.php?action=view&project_id=1 http://www.securityfocus.com/archive/1/362230 http://www.securityfocus.com/bid/10284