Description
Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/36627
References (7)
Core 7
Core References
Patch x_refsource_confirm
http://sourceforge.net/projects/dclassifieds/files/csrf_fix_120105.rar/download
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47691
Exploit x_refsource_misc
https://www.htbridge.ch/advisory/HTB23067
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/78557
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51671
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72733
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-01/0158.html
Scores
EPSS
0.0152
EPSS Percentile
81.4%
Details
CWE
CWE-352
Status
published
Products (1)
dclassifieds/dclassifieds
0.1 final
Published
Feb 07, 2012
Tracked Since
Feb 18, 2026