CVE Vulnerability

CVE-2008-7214

Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html
http://www.vupen.com/english/advisories/2008/0325 Vendor Advisory
http://forum.mambo-foundation.org/showthread.php?t=10158
http://secunia.com/advisories/28670 Vendor Advisory
http://www.bugreport.ir/index_33.htm Exploit
http://osvdb.org/42531 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/39985
http://www.securityfocus.com/archive/1/487128/100/200/threaded
Configurations

Configuration 1
Information

Published : 2009-09-11 04:30

Updated : 2018-10-11 08:58

NVD link : CVE-2008-7214

Mitre link : CVE-2008-7214

Products Affected

Mambo

Mambo-foundation

CWE
CWE-352