Joomla! Mosets Tree Component Cross-Site Request Forgery Vulnerability

SECUNIA ADVISORY ID:
SA42292

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/42292/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=42292

RELEASE DATE:
2010-11-20
DESCRIPTION:
A vulnerability has been reported in  the Mosets Tree component for
Joomla!, which can be exploited by malicious people to conduct
cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP
requests without making proper validity checks to verify the
requests. This can be exploited to e.g. change the template by
tricking a privileged user into visiting a malicious web site while
being logged-in to the application.

The vulnerability is reported in version 2.1.6. Prior versions may
also be affected.

SOLUTION:
Update to version 2.1.7.

PROVIDED AND/OR DISCOVERED BY:
jdc

ORIGINAL ADVISORY:
Mosets Tree:
http://forum.mosets.com/showthread.php?t=16820