Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026
CVE-2004-2364
CVE-2004-2364
Description
Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21cpe:2.3:a:phpx:phpx:3.0.0:*:*:*:*:*:*:*+ 20 more
- cpe:2.3:a:phpx:phpx:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.2.6:*:*:*:*:*:*:*
- (no CPE)range: >=3.0, <=3.2.6
Patches
Vulnerability mechanics
References
10- www.phpx.org/project.phpnvdPatchURL Repurposed
- www.securityfocus.com/archive/1/362230nvdExploitVendor Advisory
- www.securityfocus.com/bid/10284nvdExploitPatch
- secunia.com/advisories/11554nvd
- securitytracker.com/idnvd
- www.osvdb.org/5907nvd
- www.osvdb.org/5908nvd
- www.osvdb.org/5909nvd
- www.osvdb.org/5910nvd
- www.osvdb.org/5911nvd
News mentions
0No linked articles in our index yet.