CVE-2008-7214

Exploit

EPSS 0.3%
Published 11.09.2009 16:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.

Affected products Warnungen 0 Metrics 2 CWE 1 References 11

Data is provided by the National Vulnerability Database (NVD)

Mambo-foundation ≫ Mambo Version <= 4.6.3

Mambo-foundation ≫ Mambo Version4.6.2

Brilaps ≫ Mostlyce Version <= 2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.502

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html

http://forum.mambo-foundation.org/showthread.php?t=10158

http://secunia.com/advisories/28670

Vendor Advisory

http://www.bugreport.ir/index_33.htm

Exploit

http://www.securityfocus.com/archive/1/487128/100/200/threaded

http://www.vupen.com/english/advisories/2008/0325

Vendor Advisory

http://osvdb.org/42531

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/39985

https://nvd.nist.gov/vuln/detail/CVE-2008-7214

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-7214

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-7214

EUVD