Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6433

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-6433
Last Modified 07 Jan 2013 12:00:00
Published 03 Jan 2013 06:54:26
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6433

Summary

Cross-site request forgery (CSRF) vulnerability in e107_admin/newspost.php in e107 1.0.1 allows remote attackers to hijack the authentication of administrators for requests that conduct XSS attacks via the news_title parameter in a create action.

Vulnerable Systems

Application

  • E107 1.0.1


References

CONFIRM - http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/newspost.php?sortdir=down&r1=12622&r2=12992&sortby=rev

EXPLOIT-DB - 23828

CONFIRM - http://e107.org/changelog


Last Updated: 27 May 2016 10:49:52