Vulnerability CVE-2010-0711


Published: 2010-02-25   Modified: 2012-02-13

Description:
Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
ASPCode CMS 1.5.8 2.0.0b103 Multiple Vulnerability
Alberto \"f...
02.03.2010

Type:

CWE-352

(Cross-Site Request Forgery (CSRF))

Vendor: Aspcodecms
Product: Aspcode cms 
Version: 2.0.0; 1.5.8;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://secunia.com/advisories/38596
http://packetstormsecurity.org/1002-exploits/aspcodecms-xssxsrf.txt
http://osvdb.org/62357

Copyright 2019, cxsecurity.com

 

Back to Top