PT-2007-6163 · Xcms · Xcms
X0Kster
Published: 2007-09-24 · Updated: 2018-10-15
CVE-2007-5060
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
XCMS (affected versions not specified)
Description
A cross-site request forgery (CSRF) issue exists in the cpass functionality of an admin action in index.php, allowing remote attackers to change arbitrary passwords. This is possibly related to certain password and rpassword parameters, as well as timestamp values.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Xcms