Описание
Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.
Ссылки
- PatchURL Repurposed
- ExploitVendor Advisory
- ExploitPatch
- PatchURL Repurposed
- ExploitVendor Advisory
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:phpx:phpx:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.6:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.07492
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.
EPSS
Процентиль: 92%
0.07492
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other