CVE-2010-3024

DiamondList 0.1.6 - CSRF

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration.

Exploits (1)

exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · html · webapps · php
https://www.exploit-db.com/exploits/14565

Scores

EPSS 0.0306
EPSS Percentile 86.8%

Details

CWE
CWE-352
Status published
Products (1)
hulihanapplications/diamondlist 0.1.6
Published Aug 16, 2010
Tracked Since Feb 18, 2026