4.3
CVE-2008-2071
- EPSS 0.67%
- Veröffentlicht 12.05.2008 16:20:00
- Zuletzt bearbeitet 16.06.2026 22:53:02
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.67% | 0.473 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
http://changelog.cpanel.net/?revision=0%3Btree=%3Btreeview=%3Bshow=html%3Bpp=25%3Bte=1314%3Bpg=2
http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html
http://secunia.com/advisories/30166
http://securityreason.com/securityalert/3866
http://www.securityfocus.com/archive/1/491864/100/0/threaded
http://www.securityfocus.com/bid/29125
http://www.vupen.com/english/advisories/2008/1522/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42306