CVE Vulnerability

CVE-2007-4193

Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in IDE Group DVD Rental System (DRS) 5.1 before 20070801 allow remote attackers to perform certain actions as arbitrary users, as demonstrated by (1) modifying data or (2) canceling a subscription. NOTE: it is not clear whether IDE Group updates all DRS installations in its role as an application service provider. If so, then this issue should not be included in CVE.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0020.html
http://secunia.com/advisories/26310
http://osvdb.org/39523
http://www.vupen.com/english/advisories/2007/2806
https://exchange.xforce.ibmcloud.com/vulnerabilities/35769
Configurations

Configuration 1

cpe:2.3:a:ide_group:dvd_rental_system_drs:5.1:*:*:*:*:*:*:*
Information

Published : 2007-08-08 01:17

Updated : 2017-07-29 01:32

NVD link : CVE-2007-4193

Mitre link : CVE-2007-4193

Products Affected
No products.
CWE
NVD-CWE-Other