Vulnerability CVE-2008-2071


Published: 2008-05-12   Modified: 2012-02-12

Description:
Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 before 11.22.3 allow remote attackers to perform unauthorized actions as cPanel administrators via requests to cpanel/whm/webmail and other unspecified vectors.

See advisories in our WLB2 database:
Topic: [Low] XSS and CSRF vulnerability on Cpanel 11
Author: Matteo Carli
Date: 12.05.2008

Type: CWE-352 (Cross-Site Request Forgery (CSRF))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None
Affected software: Cpanel -> Cpanel

References:
http://changelog.cpanel.net/?revision=0;tree=;treeview=;show=html;pp=25;te=1314;pg=2
http://lists.grok.org.uk/pipermail/full-disclosure/2008-May/062197.html
http://securityreason.com/securityalert/3866
http://www.securityfocus.com/archive/1/491864/100/0/threaded
http://www.securityfocus.com/bid/29125
http://www.vupen.com/english/advisories/2008/1522/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42306

Copyright 2024, cxsecurity.com

 
