CVE-2010-3026

Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges.

Date published : 2010-08-16

http://www.securityfocus.com/archive/1/512902/100/0/threaded

http://www.exploit-db.com/exploits/14562