Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerability
CVE-2018-10137
Published:
2018-04-16
Description:
iScripts UberforX 2.2 has CSRF in the "manage_settings" section of the Admin Panel via the /cms?section=manage_settings&action=edit URI.
Type:
CWE-352
(Cross-Site Request Forgery (CSRF))
Vendor:
Iscripts
Product:
Uberforx
Version:
2.2;
CVSS2
=> (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
References:
https://pastebin.com/TCEWRZEd
Related CVE
CVE-2018-11470
iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel.
CVE-2018-11373
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.
CVE-2018-11372
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
CVE-2018-10136
iScripts UberforX 2.2 has Stored XSS in the "manage_settings" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI.
CVE-2018-10135
iScripts eSwap v2.4 has Reflected XSS via the "catwiseproducts.php" catid parameter in the User Panel.
CVE-2018-10052
iScripts SupportDesk v4.3 has XSS via the admin/inteligentsearchresult.php txtinteligentsearch parameter.
CVE-2018-10051
iScripts SupportDesk v4.3 has XSS via the staff/inteligentsearchresult.php txtinteligentsearch parameter.
CVE-2018-10050
iScripts eSwap v2.4 has SQL injection via the "registration_settings.php" ddlFree parameter in the Admin Panel.
Copyright
2018
, cxsecurity.com
Back to Top
