CVE-2007-5918

MS TopSites - CSRF

Title source: llm

Description

Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by 0x90 · htmlwebappsphp

https://www.exploit-db.com/exploits/30745

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26358

[Various Sources] http://0x90.com.ar/Advisory/20071106.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/483353/100/0/threaded

Scores

EPSS 0.0019

EPSS Percentile 41.2%

Details

CWE

CWE-352

Status published

Products (1)

ms_topsites/ms_topsites

Published Nov 10, 2007

Tracked Since Feb 18, 2026