Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2013-2754
Last Modified 11 Mar 2014 08:47:23
Published 11 Mar 2014 03:37:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-2754

Summary

Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.

Vulnerable Systems

Application

  • Umi-cms Umi.cms 2.3.3.9

  • Umi-cms Umi.cms 2.5.0

  • Umi-cms Umi.cms 2.5.2

  • Umi-cms Umi.cms 2.5.3

  • Umi-cms Umi.cms 2.6

  • Umi-cms Umi.cms 2.6.1

  • Umi-cms Umi.cms 2.6.2

  • Umi-cms Umi.cms 2.6.3

  • Umi-cms Umi.cms 2.6.4

  • Umi-cms Umi.cms 2.6.5

  • Umi-cms Umi.cms 2.6.7

  • Umi-cms Umi.cms 2.6.8

  • Umi-cms Umi.cms 2.7.0

  • Umi-cms Umi.cms 2.7.2

  • Umi-cms Umi.cms 2.7.3

  • Umi-cms Umi.cms 2.7.4

  • Umi-cms Umi.cms 2.8.0

  • Umi-cms Umi.cms 2.8.0.5

  • Umi-cms Umi.cms 2.8.1

  • Umi-cms Umi.cms 2.8.1.2

  • Umi-cms Umi.cms 2.8.1.3

  • Umi-cms Umi.cms 2.8.2

  • Umi-cms Umi.cms 2.8.3

  • Umi-cms Umi.cms 2.8.4

  • Umi-cms Umi.cms 2.8.4.1

  • Umi-cms Umi.cms 2.8.4.2

  • Umi-cms Umi.cms 2.8.4.3

  • Umi-cms Umi.cms 2.8.4.4

  • Umi-cms Umi.cms 2.8.5

  • Umi-cms Umi.cms 2.8.5.1

  • Umi-cms Umi.cms 2.8.5.2

  • Umi-cms Umi.cms 2.8.5.3

  • Umi-cms Umi.cms 2.8.6

  • Umi-cms Umi.cms 2.8.6.1

  • Umi-cms Umi.cms 2.9


References

MISC - https://www.htbridge.com/advisory/HTB23151

EXPLOIT-DB - 25449

MISC - http://packetstormsecurity.com/files/121564/UMI.CMS-2.9-Cross-Site-Request-Forgery.html

OSVDB - 93104

BUGTRAQ - 20130508 Cross-Site Request Forgery (CSRF) in UMI.CMS


Last Updated: 27 May 2016 10:47:32