CVE-2007-5109 Information

Description

Cross-site request forgery (CSRF) vulnerability in index.php in FlatNuke 2.6 and possibly 3 allows remote attackers to change the password and privilege level of arbitrary accounts via the user parameter and modified (1) regpass and (2) level parameters in a none_Login action, as demonstrated by using a Flash object to automatically make the request.

Reference

http://secunia.com/advisories/26957
http://securityreason.com/securityalert/3176
http://www.securityfocus.com/archive/1/480468/100/0/threaded
http://www.securityfocus.com/bid/25817
https://exchange.xforce.ibmcloud.com/vulnerabilities/36763
