6.8

CVE-2010-5285

Exploit
Cross-site request forgery (CSRF) vulnerability in admin.php in Collabtive 0.6.5 allows remote attackers to hijack the authentication of administrators for requests that add administrative users via the edituser action.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
O-dynCollabtive Version0.6.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.33% 0.675
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://packetstormsecurity.org/1010-exploits/collabtive-xssxsrf.txt
http://secunia.com/advisories/41805
Vendor Advisory
http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt
http://www.exploit-db.com/exploits/15240
Exploit
http://www.securityfocus.com/bid/44050
Exploit