SECUNIA ADVISORY ID:
SA42292
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42292/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42292
RELEASE DATE:
2010-11-20
DESCRIPTION:
A vulnerability has been reported in the Mosets Tree component for
Joomla!, which can be exploited by malicious people to conduct
cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP
requests without making proper validity checks to verify the
requests. This can be exploited to, for example, change the template
by tricking a privileged user into visiting a malicious web site while
logged in to the application.

The vulnerability is reported in version 2.1.6. Prior versions may
also be affected.
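
The missing validity check described above, as an added PHP illustration (not Mosets Tree or Joomla! code): a state-changing handler without and with a per-session anti-CSRF token. All function names, field names and sample values are hypothetical.

```php
<?php
// Added illustration, not Mosets Tree code; all names are hypothetical.

// Issue one random token per session; the admin form embeds it as a hidden field.
function issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Vulnerable shape: the session alone authorises the change, so a request the
// browser was tricked into sending looks the same as one the user intended.
function change_template_unchecked(array $session, array $post, array &$config): bool
{
    if (empty($session['is_admin'])) {
        return false;
    }
    $config['template'] = (string) ($post['template'] ?? '');
    return true;
}

// Hardened shape: the request must also carry the per-session token, which a
// third-party site cannot read and therefore cannot include.
function change_template_checked(array $session, string $method, array $post, array &$config): bool
{
    if (empty($session['is_admin']) || $method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return false;
    }
    $config['template'] = (string) ($post['template'] ?? '');
    return true;
}

// Constructed sample data: one request without the token, one with it.
$session = ['is_admin' => true];
$token   = issue_token($session);
$forged  = ['template' => 'other'];
$genuine = ['template' => 'other', 'csrf_token' => $token];
$config = ['template' => 'default'];
var_dump(change_template_unchecked($session, $forged, $config));
$config = ['template' => 'default'];
var_dump(change_template_checked($session, 'POST', $forged, $config));
var_dump(change_template_checked($session, 'POST', $genuine, $config));
```

The handlers take the session and request data as arrays so the comparison runs from the PHP command line without a web server.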
SOLUTION:
Update to version 2.1.7.
PROVIDED AND/OR DISCOVERED BY:
jdc
ORIGINAL ADVISORY:
Mosets Tree:
http://forum.mosets.com/showthread.php?t=16820