6.8

CVE-2008-7214

Exploit
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mambo-foundationMambo Version <= 4.6.3
Mambo-foundationMambo Version4.6.2
BrilapsMostlyce Version <= 2.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.75% 0.501
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html
http://forum.mambo-foundation.org/showthread.php?t=10158
http://secunia.com/advisories/28670
Vendor Advisory
http://www.bugreport.ir/index_33.htm
Exploit
http://www.securityfocus.com/archive/1/487128/100/200/threaded
http://www.vupen.com/english/advisories/2008/0325
Vendor Advisory
http://osvdb.org/42531
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/39985