CVE-2008-6639

Опубликовано: 07 апр. 2009

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXplorer 2.3.3 and 2.3.4 allows remote attackers to hijack the authentication of administrators for requests that modify passwords via the update_user_pwd action.

Ссылки

http://gmda.altervista.org/AjaXplorer-2.3.3/cka.txt
Exploit
http://secunia.com/advisories/30383
Vendor Advisory
http://www.osvdb.org/45656
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/42694
http://gmda.altervista.org/AjaXplorer-2.3.3/cka.txt
Exploit
http://secunia.com/advisories/30383
Vendor Advisory
http://www.osvdb.org/45656
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/42694

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ajaxplorer:ajaxplorer:2.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ajaxplorer:ajaxplorer:2.3.4:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00149

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

CVE-2008-6639

debian

почти 17 лет назад

Cross-site request forgery (CSRF) vulnerability in admin.php in AjaXpl ...

GHSA-4f2j-9hxw-7f6r

github

больше 3 лет назад