6.8
CVE-2010-2039
- EPSS 1.14%
- Veröffentlicht 25.05.2010 14:30:01
- Zuletzt bearbeitet 16.06.2026 23:19:51
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an Admin_Users action to index.php. NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gpeasy ≫ Gpeasy Cms Version <= 1.6.2
Gpeasy ≫ Gpeasy Cms Version1.5
Gpeasy ≫ Gpeasy Cms Version1.5 Updaterc2
Gpeasy ≫ Gpeasy Cms Version1.5 Updaterc3
Gpeasy ≫ Gpeasy Cms Version1.5 Updaterc4
Gpeasy ≫ Gpeasy Cms Version1.6
Gpeasy ≫ Gpeasy Cms Version1.6 Updaterc1
Gpeasy ≫ Gpeasy Cms Version1.6 Updaterc2
Gpeasy ≫ Gpeasy Cms Version1.6 Updaterc3
Gpeasy ≫ Gpeasy Cms Version1.6 Updaterc4
Gpeasy ≫ Gpeasy Cms Version1.6 Updaterc5
Gpeasy ≫ Gpeasy Cms Version1.6.1
Gpeasy ≫ Gpeasy Cms Version1.6.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.14% | 0.625 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
http://secunia.com/advisories/39643
http://packetstormsecurity.org/1004-exploits/gpeasy-xsrf.txt
http://www.exploit-db.com/exploits/12441
http://www.osvdb.org/64130
http://www.vupen.com/english/advisories/2010/1030
https://exchange.xforce.ibmcloud.com/vulnerabilities/58214