Limny CMS version 2.0 suffers from a cross site request forgery vulnerability that allows for a malicious attacker to have an account's password and email address changed. Proof of concept code included.
Limny CMS version 2.0 suffers from a cross site request forgery vulnerability that allows for a malicious attacker to have an administrator account created. Proof of concept code included.
The Realname User Reference widget in Drupal version 6.x-1.0 allows any user with access content permission to mine user name and real names from accounts.