Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.

BUGTRAQ:20050624 Infopop UBB Threads Multiple Vulnerabilities | URL:http://marc.info/?l=bugtraq&m=111963737202040&w=2 | MISC:http://www.gulftech.org/?node=research&article_id=00084-06232005 | MISC:http://www.ubbcentral.com/boards/showflat.php/Cat/0/Number/42351/Main/42351/#Post42351