Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2008-5113

Опубликовано: 17 нояб. 2008
Источник: nvd
CVSS2: 4
EPSS Низкий

Описание

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:wordpress:wordpress:2.6.3:*:*:*:*:*:*:*

EPSS

Процентиль: 49%
0.00255
Низкий

4 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

ubuntu
больше 16 лет назад

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.

redhat
почти 17 лет назад

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.

debian
больше 16 лет назад

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dan ...

github
около 3 лет назад

WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.

EPSS

Процентиль: 49%
0.00255
Низкий

4 Medium

CVSS2

Дефекты

CWE-352