CVE-2011-4173

Опубликовано: 24 окт. 2011

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in Simple Machines Forum (SMF) 2.x before 2.0.1 allows remote attackers to hijack the authentication of administrators or moderators via vectors involving image files, a different vulnerability than CVE-2011-3615. NOTE: some of these details are obtained from third party information.

Ссылки

http://openwall.com/lists/oss-security/2011/10/09/3
http://openwall.com/lists/oss-security/2011/10/10/6
http://secunia.com/advisories/46386
Vendor Advisory
http://www.simplemachines.org/community/index.php?topic=452888.0
Vendor Advisory
http://openwall.com/lists/oss-security/2011/10/09/3
http://openwall.com/lists/oss-security/2011/10/10/6
http://secunia.com/advisories/46386
Vendor Advisory
http://www.simplemachines.org/community/index.php?topic=452888.0
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:simplemachines:smf:2.0:*:*:*:*:*:*:*

cpe:2.3:a:simplemachines:smf:2.0:beta1:*:*:*:*:*:*

cpe:2.3:a:simplemachines:smf:2.0:beta2:*:*:*:*:*:*

cpe:2.3:a:simplemachines:smf:2.0:beta2.1:*:*:*:*:*:*

cpe:2.3:a:simplemachines:smf:2.0:beta3:*:*:*:*:*:*

cpe:2.3:a:simplemachines:smf:2.0:beta3.1:*:*:*:*:*:*

cpe:2.3:a:simplemachines:smf:2.0:beta4:*:*:*:*:*:*

cpe:2.3:a:simplemachines:smf:2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:simplemachines:smf:2.0:rc1.2:*:*:*:*:*:*

cpe:2.3:a:simplemachines:smf:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:simplemachines:smf:2.0:rc3:*:*:*:*:*:*

cpe:2.3:a:simplemachines:smf:2.0:rc4:*:*:*:*:*:*

cpe:2.3:a:simplemachines:smf:2.0:rc5:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00142

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-gj7r-xvvj-mxwm

github

больше 3 лет назад