exploitDog

CVE-2015-2983

Опубликовано: 22 авг. 2015

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users.

Ссылки

http://jvn.jp/en/jp/JVN78240242/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000114
Vendor Advisory
http://www.php-factory.net/trivia/16.php
Vendor Advisory
http://jvn.jp/en/jp/JVN78240242/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000114
Vendor Advisory
http://www.php-factory.net/trivia/16.php
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:php_kobo:photo_gallery_cms_free:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:php_kobo:photo_gallery_cms_free:1.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00126

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-r9pg-rq85-x734

github

больше 3 лет назад

Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users.

EPSS

Процентиль: 32%

0.00126

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352