Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2007-4193
Last Modified: 07 Mar 2011 09:57:57
Published: 07 Aug 2007 09:17:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4193

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE.

Vulnerable Systems

Application

  • IDE Group DVD Rental System (DRS) 5.1


References

VUPEN - ADV-2007-2806

OSVDB - 39523

FULLDISC - 20070802 DVD Rental System multiple XSS and CSRF vulnerabilities

XF - drs-index-csrf(35769)

SECUNIA - 26310


Last Updated: 27 May 2016 10:45:48