CVE-2008-6729

EPSS 0.22%
Veröffentlicht 20.04.2009 14:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpmotion ≫ Phpmotion Version <= 2.1

Phpmotion ≫ Phpmotion Version1.0

Phpmotion ≫ Phpmotion Version2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.441

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://osvdb.org/50999

http://secunia.com/advisories/33309

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/47585

https://www.exploit-db.com/exploits/7557

https://nvd.nist.gov/vuln/detail/CVE-2008-6729

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-6729

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-6729

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2008-6729