Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5918


Vulnerability Score 6.0 6.0
CVE Id CVE-2007-5918
Last Modified 05 Sep 2008 05:31:56
Published 09 Nov 2007 09:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE



Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php.

Vulnerable Systems


  • Ms Topsites


BID - 26358

BUGTRAQ - 20071106 PhpNuke (add-on) MS TopSites Edit Exploit And Html Injection


Last Updated: 27 May 2016 10:46:19