Cross-site request forgery (CSRF) vulnerability in Harmoni before 1.6.0 allows remote attackers to make administrative modifications via a (1) save or (2) delete action to an unspecified component. Download Harmoni 1.6.0 at Sourceforge:
http://sourceforge.net/project/showfiles.php?group_id82873&package_id85063
Publication date: Wed, 20 Aug 2008 00:41:00 +0000