Unrated severityNVD Advisory· Published Nov 10, 2007· Updated Apr 23, 2026

CVE-2007-5918

Description

Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php.

Affected products

Ms Topsites/Ms Topsites
cpe:2.3:a:ms_topsites:ms_topsites:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

0x90.com.ar/Advisory/20071106.txtnvd
www.securityfocus.com/archive/1/483353/100/0/threadednvd
www.securityfocus.com/bid/26358nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000