Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.4
CVE Id CVE-2007-5229
Last Modified 10 Sep 2008 09:01:00
Published 05 Oct 2007 07:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5229

Summary

Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurner_FeedSmith_Plugin.php, as demonstrated by the (1) feedburner_url and (2) feedburner_comments_url parameters.

Vulnerable Systems

Application

  • Feedburner Feedsmith 2.2


References

SECUNIA - 27055

FULLDISC - 20071003 Hijacking Feeds with Feedburner

MISC - http://blogsecurity.net/wordpress/feedsmith-feedburner-vulnerability-fixed/

MISC - http://blogsecurity.net/wordpress/feedburner-feed-hijacking/

XF - feedburner-feedsmith-plugin-csrf(36940)

BID - 25921

CONFIRM - http://blogs.feedburner.com/feedburner/archives/2007/10/the_feedsmith_plugin_newly_for.php


Last Updated: 27 May 2016 10:46:06