Description
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.
References
- Exploit, Mailing List
- Broken Link, Exploit, Patch, Vendor Advisory
- Broken Link, Patch
Vulnerable configurations
Configuration 1: versions up to 6.5.1.1 (inclusive)
cpe:2.3:a:ubbcentral:ubb.threads:*:*:*:*:*:*:*:*
EPSS: 0.00325 (Low), percentile: 55%
CVSS3: 6.5 Medium
CVSS2: 5 Medium
Weaknesses: CWE-352
Related vulnerabilities
CVSS3: 6.5
github
almost 4 years ago
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.