Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.0
CVE Id CVE-2007-5918
Last Modified 05 Sep 2008 05:31:56
Published 09 Nov 2007 09:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2007-5918

Summary

Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php.

Vulnerable Systems

Application

  • Ms Topsites


References

BID - 26358

BUGTRAQ - 20071106 PhpNuke (add-on) MS TopSites Edit Exploit And Html Injection

MISC - http://0x90.com.ar/Advisory/20071106.txt


Last Updated: 27 May 2016 10:46:19