Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.

BID:10284 | URL:http://www.securityfocus.com/bid/10284 | BUGTRAQ:20040504 Vulnerabilities In PHPX 3.26 And Earlier | URL:http://www.securityfocus.com/archive/1/362230 | MISC:http://www.phpx.org/project.php?action=view&project_id=1 | OSVDB:5907 | URL:http://www.osvdb.org/5907 | OSVDB:5908 | URL:http://www.osvdb.org/5908 | OSVDB:5909 | URL:http://www.osvdb.org/5909 | OSVDB:5910 | URL:http://www.osvdb.org/5910 | OSVDB:5911 | URL:http://www.osvdb.org/5911 | SECTRACK:1010061 | URL:http://securitytracker.com/id?1010061 | SECUNIA:11554 | URL:http://secunia.com/advisories/11554