Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.
Publication date: Wed, 13 Apr 2011 19:55:00 +0000