exploitDog

CVE-2014-4718

Опубликовано: 03 июл. 2014

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:lunarcms:lunar_cms:*:1:*:*:*:*:*:*

Версия до 3.3 (включая)

cpe:2.3:a:lunarcms:lunar_cms:3.1:*:*:*:*:*:*:*

cpe:2.3:a:lunarcms:lunar_cms:3.2:*:*:*:*:*:*:*

cpe:2.3:a:lunarcms:lunar_cms:3.3:*:*:*:*:*:*:*

EPSS

Процентиль: 84%

0.02121

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-wv36-9cfh-hqgr

github

больше 3 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.

EPSS

Процентиль: 84%

0.02121

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352