VYPR
Unrated severityNVD Advisory· Published Feb 8, 2011· Updated Jun 16, 2026

CVE-2010-4729

CVE-2010-4729

Description

Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.

Affected products

4
  • cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*range: <=1.2.2
    • cpe:2.3:a:zikula:zikula_application_framework:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zikula:zikula_application_framework:1.2.1:*:*:*:*:*:*:*
  • Zikula/Zikulallm-fuzzy
    Range: <1.2.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.

CVE-2010-4729 · VYPR