Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0266

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2008-0266
Last Modified 05 Sep 2008 05:34:37
Published 15 Jan 2008 03:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-0266

Summary

Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.

Vulnerable Systems

Application

  • Eticket 1.5.5.2


References

XF - eticket-admin-csrf(39490)

BID - 27173

BUGTRAQ - 20080106 eTicket 1.5.5.2 Multiple Vulnerabilities

SECUNIA - 28331

SREASON - 3542


Last Updated: 27 May 2016 10:46:44