CVE-2010-4729

Published: Feb 8, 2011Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.

Affected (3)

Products: Zikula: Zikula Application Framework

1 product

Zikula Application Framework

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Zikula Zikula Application Framework	Up to 1.2.2
Zikula Zikula Application Framework	Version 1.1.2
Zikula Zikula Application Framework	Version 1.2.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

http://code.zikula.org/core/ticket/1979

Source: cve@mitre.org

http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG

Source: cve@mitre.org

http://code.zikula.org/core/ticket/1979

Source: af854a3a-2127-422b-91ae-364da2661108

http://code.zikula.org/core12/browser/tags/Zikula-1.2.5/src/docs/CHANGELOG

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.