Description
Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.
Exploits (6)
References (10)
Core 10
Core References
Patch, URL Repurposed x_refsource_misc
http://www.phpx.org/project.php?action=view&project_id=1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5909
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1010061
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5908
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5911
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10284
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5910
Exploit, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/362230
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11554
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/5907
Scores
EPSS
0.0749
EPSS Percentile
91.8%
Details
Status
published
Products (20)
phpx/phpx
3.0.0
phpx/phpx
3.0.1
phpx/phpx
3.0.2
phpx/phpx
3.0.3
phpx/phpx
3.0.4
phpx/phpx
3.0.5
phpx/phpx
3.0.6
phpx/phpx
3.0.7
phpx/phpx
3.1.0
phpx/phpx
3.1.1
... and 10 more
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026