Описание
Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.8.9 (включая)
Одно из
cpe:2.3:a:claroline:claroline:*:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.2:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.3:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.4:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.5:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.6:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.6_beta:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.6_rc1:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.7:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.7.7:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:claroline:claroline:1.8.8:*:*:*:*:*:*:*
EPSS
Процентиль: 54%
0.00312
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
почти 4 года назад
Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.
EPSS
Процентиль: 54%
0.00312
Низкий
5.8 Medium
CVSS2
Дефекты
CWE-352