Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6480

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-6480
Last Modified 02 Apr 2009 01:43:36
Published 16 Mar 2009 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6480

Summary

Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use a modified image parameter.

Vulnerable Systems

Application

  • Softnews Media Group Datalife Engine 6.7


References

XF - datalifeengine-imagepreview-csrf(41598)

BUGTRAQ - 20080401 Datalife Engine 6.7 XSRF

OSVDB - 51107


Last Updated: 27 May 2016 10:49:12