CVE-2010-4729
Zikula < 1.2.3 - Cross-Site Request Forgery via Lost Password Form
Title source: llmDescription
Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
http://code.zikula.org/core/ticket/1979
Various Sources x_refsource_confirm
http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG
Scores
EPSS
0.0052
EPSS Percentile
40.7%
Details
CWE
CWE-352
Status
published
Products (3)
zikula/zikula_application_framework
1.1.2
zikula/zikula_application_framework
1.2.1
zikula/zikula_application_framework
< 1.2.2
Published
Feb 08, 2011
Tracked Since
Feb 18, 2026