exploitDog

CVE-2008-7151

Опубликовано: 01 сент. 2009

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code.

Ссылки

http://drupal.org/node/236607
Patch
Vendor Advisory
http://drupal.org/node/236609
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/41754
http://drupal.org/node/236607
Patch
Vendor Advisory
http://drupal.org/node/236609
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/41754

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:gurpartap_singh:live:5.x-1.x-dev:*:*:*:*:*:*:*

cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00098

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-xr49-pr22-vxc8

github

около 3 лет назад

Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code.

EPSS

Процентиль: 28%

0.00098

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352