Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7192

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-7192
Last Modified 28 Sep 2009 12:00:00
Published 09 Sep 2009 03:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-7192

Summary

Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, and possibly other 3.x versions, allows remote attackers to hijack the authentication of users for requests that delete private messages via the pmID parameter in a delete action in a PM page, a different vulnerability than CVE-2008-0472.

Vulnerable Systems

Application

  • Woltlab Burning Board 3.0.1


References

XF - wbb-index-csrf(39990)

BUGTRAQ - 20080126 WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability


Last Updated: 27 May 2016 10:49:30