Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi.
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://packetstormsecurity.com/files/129698/SmoothWall-3.1-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99403
Scores
EPSS
0.0090
EPSS Percentile
55.5%
Details
CWE
CWE-352
Status
published
Products (2)
smoothwall/smoothwall
3.0 sp3
smoothwall/smoothwall
3.1
Published
Dec 31, 2014
Tracked Since
Feb 18, 2026