Joomla! JPodium Component Cross-Site Request Forgery Vulnerability

SECUNIA ADVISORY ID:
SA41059

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41059/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41059

RELEASE DATE:
2010-08-23

DESCRIPTION:
A vulnerability has been reported in the JPodium component for
Joomla!, which can be exploited by malicious people to conduct
cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to, e.g., delete races or delete
athletes by tricking a logged-in administrative user into visiting a
malicious web site.
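
The missing validity check described above, as an added example in plain PHP (not JPodium's or Joomla!'s code): the same delete handler without and with a per-session anti-CSRF token. The function names, request arrays and athlete data are hypothetical.

```php
<?php
// Added example: not JPodium or Joomla! code. Function names, the request
// layout and the sample data are hypothetical and constructed.

// One random token per session; the admin form embeds it as a hidden field.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Behaviour the advisory describes: the session alone authorises the
// action, so a request the browser sends on another site's behalf succeeds.
function delete_athlete_unchecked(array $session, array $req, array &$athletes): bool {
    if (empty($session['is_admin'])) {
        return false;
    }
    unset($athletes[(int) ($req['params']['id'] ?? 0)]);
    return true;
}

// Hardened form: state changes only via POST and only with the session token.
function delete_athlete_checked(array $session, array $req, array &$athletes): bool {
    if (empty($session['is_admin']) || ($req['method'] ?? '') !== 'POST') {
        return false;
    }
    $sent = $req['params']['token'] ?? '';
    $want = $session['csrf'] ?? '';
    // hash_equals() compares in constant time; an empty stored token never matches.
    if (!is_string($sent) || $want === '' || !hash_equals($want, $sent)) {
        return false;
    }
    unset($athletes[(int) ($req['params']['id'] ?? 0)]);
    return true;
}

// Constructed requests: one without the token (what a third-party page can
// cause the browser to send), one from the component's own form.
$session = ['is_admin' => true];
$token   = csrf_token($session);
$noToken = ['method' => 'GET',  'params' => ['id' => '7']];
$ownForm = ['method' => 'POST', 'params' => ['id' => '7', 'token' => $token]];

$a = [7 => 'Athlete A'];
$b = [7 => 'Athlete A'];
printf("unchecked, no token:  accepted=%s\n", var_export(delete_athlete_unchecked($session, $noToken, $a), true));
printf("checked, no token:    accepted=%s\n", var_export(delete_athlete_checked($session, $noToken, $b), true));
printf("checked, form token:  accepted=%s\n", var_export(delete_athlete_checked($session, $ownForm, $b), true));
```

In a Joomla! 1.5 component the framework's own equivalents are JHTML::_('form.token') in the form and JRequest::checkToken() in the controller task.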

The vulnerability is reported in versions prior to 0.9.016.

SOLUTION:
Update to version 0.9.016.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.jpodium.de/index.php/learn-more/revision-history

