[+] Credits: hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/AS-CFIMAGEHOST-CSRF.txt Vendor: ==================================== codefuture.co.uk/projects/imagehost Product: =================================== CF Image Host 1.65 - 1.6.6 Archive download listed as: version 1.65 unzips as imagehost 1.6.6 Vulnerability Type: ================================= Cross site request forgery - CSRF CVE Reference: ============== N/A Vulnerability Details: ===================== No CSRF protection exists allowing attackers to make requests to the server on behalf of the victim if they are logged in and visit a malicious site or click an infected linx. This will let attackers modify certain web application settings to whatever the attacker wishes. CSRF Exploit code(s): ====================