CVE-2010-0709

Sažetak

Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php.

Reference

http://osvdb.org/62389
http://secunia.com/advisories/38616
http://www.exploit-db.com/exploits/11477
http://www.exploit-db.com/exploits/11478
http://www.limny.org/
https://exchange.xforce.ibmcloud.com/vulnerabilities/56318

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

25-02-2010 - 20:30