Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2014-9438
Last Modified: 05 Jan 2015 04:13:52
Published: 02 Jan 2015 02:59:07
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-9438

Summary

Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via the username parameter in a dobanuser action to modcp/banning.php or (2) unban a user, (3) modify user profiles, edit a (4) post or (5) topic, or approve a (6) post or (7) topic via unspecified vectors.

Vulnerable Systems

Application

  • vBulletin 4.2.2


References

MISC - https://rstforums.com/forum/88810-csrf-vbulletin-modcp.rst

XF - vbulletin-banning-csrf(99472)

MISC - http://packetstormsecurity.com/files/129619/vBulletin-Moderator-Control-Panel-4.2.2-CSRF.html


Last Updated: 27 May 2016 11:07:26