CVE-2010-3024
DiamondList 0.1.6 - Cross-Site Request Forgery in User Update Function
Title source: LLM
Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-3024. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary
This exploit demonstrates a CSRF vulnerability in DiamondList 0.1.6: a crafted form posted to the user update function changes user details, including the password, because the endpoint performs no request-origin verification (no per-session anti-CSRF token). The PoC is a hidden form that JavaScript submits automatically when an authenticated administrator loads the attacker's page, so the victim's browser attaches the session cookie and the change is applied with the administrator's privileges.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.
Exploits (1)
CSRF PoC published by High-Tech Bridge SA: hidden, JavaScript-auto-submitted form targeting user/main/update_user to change the administrator's password (summarized above).
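The flaw described above and one fix for it, as an added illustration that is not DiamondList's code or the published PoC: a minimal model of the user update handler that accepts any request carrying the administrator's session (the vulnerable behaviour), beside a hardened version that requires POST, checks the browser's Origin header where one is sent, and verifies a per-session synchronizer token in constant time. The request shape (a Hash with :method, :params, :session and :origin), the hostname, and the parameter names "password" and "authenticity_token" are assumptions made for the example.

```ruby
require "securerandom"

# Added example for CVE-2010-3024; not DiamondList's code. Request shape,
# hostname and parameter names below are assumptions.

SITE_HOST = "diamondlist.example" # assumed hostname of the application

# Constant-time comparison so the token check does not leak timing.
def secure_equal?(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Vulnerable handler, modelled on the advisory: any request that carries the
# administrator's session may change the password. A browser attaches the
# session cookie to a cross-site POST, so the attacker's form is accepted.
def update_user_vulnerable(req, users)
  name = req[:session][:user]
  return [403, "login required"] unless name && users[name]
  users[name][:password] = req[:params]["password"] if req[:params]["password"]
  [200, "updated"]
end

# Hardened handler: state change only via POST, Origin checked when present,
# and a session-bound token that a cross-site page cannot read.
def update_user_hardened(req, users)
  name = req[:session][:user]
  return [403, "login required"] unless name && users[name]
  return [405, "POST required"] unless req[:method] == "POST"
  return [403, "bad origin"] if req[:origin] && req[:origin] != SITE_HOST
  expected = req[:session][:csrf_token]
  supplied = req[:params]["authenticity_token"]
  return [403, "bad csrf token"] unless expected && secure_equal?(expected, supplied)
  users[name][:password] = req[:params]["password"] if req[:params]["password"]
  [200, "updated"]
end

# Session minted at login; the token is embedded in the site's own forms.
def new_admin_session
  { user: "admin", csrf_token: SecureRandom.hex(32) }
end

# What the PoC's hidden, auto-submitted form produces: the victim's browser
# adds the session cookie, the attacker cannot supply the token, and the
# Origin header (when the browser sends one) names the attacker's page.
def cross_site_request(session, new_password)
  { method: "POST", origin: "attacker.example", session: session,
    params: { "password" => new_password } }
end

# Same-site request from the application's own form, token included.
def legitimate_request(session, new_password)
  { method: "POST", origin: SITE_HOST, session: session,
    params: { "password" => new_password,
              "authenticity_token" => session[:csrf_token] } }
end

# Constructed user table so each run starts from a known state.
def fresh_users
  { "admin" => { password: "original", role: "administrator" } }
end

if __FILE__ == $PROGRAM_NAME
  session = new_admin_session
  u = fresh_users
  p update_user_vulnerable(cross_site_request(session, "pwned"), u), u["admin"][:password]
  u = fresh_users
  p update_user_hardened(cross_site_request(session, "pwned"), u), u["admin"][:password]
  p update_user_hardened(legitimate_request(session, "rotated"), u), u["admin"][:password]
end
```

The Origin check alone is not sufficient: browsers of the 2010 era did not send Origin on form posts, and some proxies strip it, which is why the hardened handler still rejects a request with no Origin header unless it carries the session's token.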