Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6729

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-6729
Last Modified 20 Apr 2009 12:00:00
Published 20 Apr 2009 10:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6729

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.

Vulnerable Systems

Application

  • Phpmotion 1.0

  • Phpmotion 2.0

  • Phpmotion 2.1


References

XF - phpmotion-password-csrf(47585)

MILW0RM - 7557

SECUNIA - 33309

OSVDB - 50999


Last Updated: 27 May 2016 10:49:18