Multiple cross-site request forgery (CSRF) vulnerabilities in the addAction and purgeAction functions in ViMbAdmin 3.0.15 allow remote attackers to hijack the authentication of logged administrators to
<vimbadmin directory>/application/controllers/DomainController.php
,<vimbadmin directory>/application/controllers/DomainController.php
,<vimbadmin directory>/application/controllers/DomainController.php
,<vimbadmin directory>/application/controllers/MailboxController.php
,<vimbadmin directory>/application/controllers/MailboxController.php
,<vimbadmin directory>/application/controllers/ArchiveController.php
,<vimbadmin directory>/application/controllers/AliasController.php
, or<vimbadmin directory>/application/controllers/AliasController.php
.