VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Feb 8, 2011· Updated Apr 29, 2026

CVE-2010-4729

CVE-2010-4729

Description

Zikula before 1.2.3 does not use the authid protection mechanism for (1) the lostpassword form and (2) mailpasswd processing, which makes it easier for remote attackers to generate a flood of password requests and possibly conduct cross-site request forgery (CSRF) attacks via multiple form submissions.

Affected products

3
  • Zikula/Zikula Application Framework3 versions
    cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*range: <=1.2.2
    • cpe:2.3:a:zikula:zikula_application_framework:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:zikula:zikula_application_framework:1.2.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.