CVE-2016-9127

Vendor: N/A
Product: Revive Adserver (all versions before 3.2.3)
Weakness: CWE-352 · CSRF
Published: March 28, 2017
Last update: August 6, 2024

What the vulnerability does

01 Description

Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send a large number of password recovery emails to the registered users, especially in conjunction with a bug that caused recovery emails to be sent to all the users at once. Both issues have been fixed.

Key dates

02 Disclosure timeline

March 28, 2017: CVE published
August 6, 2024: Record updated
