CVE-2010-5319 Information

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php (2) modify pages via the what parameter to admin/edit.php or (3) modify articles via the edit parameter to admin/news.php.

Reference

https://www.htbridge.com/advisory/HTB22648