Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2014-2916
Last Modified 31 Jul 2015 09:35:47
Published 05 May 2014 12:07:06
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2916

Summary

Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/.

Vulnerable Systems

Application

  • phpList 3.0.0
  • phpList 3.0.1
  • phpList 3.0.2
  • phpList 3.0.3
  • phpList 3.0.4
  • phpList 3.0.5


References

CONFIRM - http://www.phplist.com/?lid=638

SECUNIA - 57893

MISC - http://labs.davidsopas.com/2014/04/phplist-csrf-on-subscription-page.html

SECTRACK - 1030191


Last Updated: 27 May 2016 11:05:11