Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-6434
Last Modified: 07 Jan 2013 12:00:00
Published: 03 Jan 2013 06:54:26
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-6434

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) download_url, (2) download_url_extended, (3) download_author_email, (4) download_author_website, (5) download_image, (6) download_thumb, (7) download_visible, or (8) download_class parameter.

Vulnerable Systems

Application

  • E107 1.0.2


References

CONFIRM - http://e107.svn.sourceforge.net/viewvc/e107/trunk/e107_0.7/e107_admin/download.php?sortdir=down&r1=13037&r2=13058&sortby=rev

EXPLOIT-DB - 23829

CONFIRM - http://e107.org/changelog


Last Updated: 27 May 2016 11:01:34