Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8 (CVSS v2 base score; vector AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE Id CVE-2010-3024
Last Modified 15 Feb 2012 12:00:00
Published 16 Aug 2010 04:00:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM (a logged-in administrator must be lured to an attacker-controlled page)
Authentication NONE (the attacker needs no credentials of their own; the victim's browser supplies the session)

CVE-2010-3024

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in user/main/update_user in DiamondList 0.1.6, and possibly earlier, allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrative password or (2) change the site's configuration. The update_user action honours a state-changing request on the strength of the administrator's session cookie alone. Because the browser attaches that cookie to a form submission from any origin, an attacker only needs a logged-in administrator to load a page that auto-submits a request to update_user; every value in the forged request, including the new password, is chosen by the attacker, so (1) amounts to takeover of the administrative account. The standard remedy is a per-session anti-CSRF token that the server verifies on every state-changing request; DiamondList is a Ruby on Rails application, where this is provided by protect_from_forgery together with the authenticity_token field the form helpers emit.
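The following is an added example, not DiamondList's own code (the project is a Rails application, so Ruby is used). It models the update_user action in two shapes: the CSRF-prone one described above, where a valid session cookie is the only evidence that the administrator meant to send the request, and a hardened one that also requires a per-session synchronizer token and rejects a foreign Origin. The parameter names `password` and `authenticity_token`, the `Origin` policy, the session layout, the cookie value and the site origin are all assumptions made for this example.

```ruby
require 'securerandom'

# Added illustration for CVE-2010-3024; not DiamondList's code. Parameter
# names, header names, the session layout and SITE_ORIGIN are assumptions.

Request = Struct.new(:verb, :path, :params, :headers, :session_id,
                     keyword_init: true)

# Assumed origin of the site hosting DiamondList.
SITE_ORIGIN = "http://directory.example".freeze

# Constructed server-side state: one logged-in administrator whose browser
# holds the cookie "admin-cookie", and the account record it controls.
def new_session_store
  { "admin-cookie" => { user_id: 1, csrf_token: SecureRandom.hex(16) } }
end

def new_accounts
  { 1 => { login: "admin", password: "original" } }
end

# Constant-time byte comparison so the token check does not leak how many
# leading bytes of a guess were right.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Shared tail of both variants: apply the change to the session's account.
def apply_update(req, session, accounts)
  acct = accounts[session[:user_id]]
  acct[:password] = req.params["password"] if req.params.key?("password")
  { status: 200, password: acct[:password] }
end

# Vulnerable variant: any POST carrying a valid session cookie is honoured,
# whichever site built the form. This is the condition behind the CVE.
def update_user_vulnerable(req, sessions, accounts)
  return { status: 405 } unless req.verb == "POST"
  session = sessions[req.session_id]
  return { status: 401 } unless session
  apply_update(req, session, accounts)
end

# Hardened variant: same cookie check, plus a synchronizer token that only a
# page served by the site itself can know. An Origin header, when present,
# must name the site; absence is tolerated because the token is the
# authoritative check.
def update_user_hardened(req, sessions, accounts)
  return { status: 405 } unless req.verb == "POST"
  session = sessions[req.session_id]
  return { status: 401 } unless session
  token_ok = secure_compare(req.params["authenticity_token"].to_s,
                            session[:csrf_token])
  origin = req.headers["Origin"]
  origin_ok = origin.nil? || origin == SITE_ORIGIN
  return { status: 403 } unless token_ok && origin_ok
  apply_update(req, session, accounts)
end

# What the server receives when the administrator's browser auto-submits a
# form from the attacker's page: the browser attaches the cookie, the
# attacker picks the new password, and no token is present.
def forged_request
  Request.new(verb: "POST", path: "/user/main/update_user",
              params: { "password" => "attacker-chosen" },
              headers: { "Origin" => "http://attacker.example" },
              session_id: "admin-cookie")
end

# A genuine submission from the site's own form carries the session token.
def legitimate_request(sessions)
  Request.new(verb: "POST", path: "/user/main/update_user",
              params: { "password" => "rotated",
                        "authenticity_token" => sessions["admin-cookie"][:csrf_token] },
              headers: { "Origin" => SITE_ORIGIN },
              session_id: "admin-cookie")
end

# Forged request against both variants, then a legitimate request against
# the hardened one; returns the outcomes and the resulting passwords.
def demo
  sessions = new_session_store
  vuln_accounts = new_accounts
  hard_accounts = new_accounts
  {
    vulnerable: update_user_vulnerable(forged_request, sessions, vuln_accounts),
    hardened_forged: update_user_hardened(forged_request, sessions, hard_accounts),
    hardened_legit: update_user_hardened(legitimate_request(sessions), sessions, hard_accounts),
    vulnerable_password: vuln_accounts[1][:password],
    hardened_password: hard_accounts[1][:password]
  }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, result| puts "#{name}: #{result.inspect}" }
end
```

Running it shows the forged request succeeding (status 200, password replaced) against the vulnerable shape and being refused (status 403, password untouched) by the hardened one, while the site's own form still works. In Rails proper the token check is not hand-written as above: `protect_from_forgery` in ApplicationController enables it, and `form_for`/`form_tag` emit the hidden `authenticity_token` field. Which route the vendor's fix took is not stated on this page; the CONFIRM reference below is the vendor's issue tracker.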

Vulnerable Systems

Application

  • Hulihanapplications DiamondList 0.1.6 (earlier releases possibly affected; the source data lists the same product twice, once under the misspelled vendor "Ehulihanapplications")


References

XF - diamondlist-updateuser-csrf (60937)

MISC - http://www.htbridge.ch/advisory/xsrf_csrf_in_diamondlist.html

EXPLOIT-DB - 14565

SECUNIA - 40873

MISC - http://packetstormsecurity.org/1008-exploits/diamondlist-xssxsrf.txt

OSVDB - 66918

BUGTRAQ - 20100805 XSRF (CSRF) in DiamondList

CONFIRM - http://dev.hulihanapplications.com/issues/show/212
Last Updated: 27 May 2016 10:57:26