CVE-2009-4905 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords (2) usernames and (3) e-mail addresses.

Reference

http://secunia.com/advisories/37694 http://www.exploit-db.com/exploits/10406 http://www.vupen.com/english/advisories/2009/3509