Lucene search

[email protected]CVE-2004-2364

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2364

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-2364

csrf

phpx

remote code execution

vulnerability

security

8 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.033 Low

EPSS

Percentile

91.3%

JSON

Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.

CPENameOperatorVersion
phpx:phpxphpxeq3.2.4
phpx:phpxphpxeq3.2.5
phpx:phpxphpxeq3.1.0
phpx:phpxphpxeq3.1.2
phpx:phpxphpxeq3.0.4
phpx:phpxphpxeq3.0.0
phpx:phpxphpxeq3.1.4
phpx:phpxphpxeq3.0.2
phpx:phpxphpxeq3.0.1
phpx:phpxphpxeq3.0.6

CPE	Name	Operator	Version
phpx:phpx	phpx	eq	3.2.4
phpx:phpx	phpx	eq	3.2.5
phpx:phpx	phpx	eq	3.1.0
phpx:phpx	phpx	eq	3.1.2
phpx:phpx	phpx	eq	3.0.4
phpx:phpx	phpx	eq	3.0.0
phpx:phpx	phpx	eq	3.1.4
phpx:phpx	phpx	eq	3.0.2
phpx:phpx	phpx	eq	3.0.1
phpx:phpx	phpx	eq	3.0.6

Rows per page:

1-10 of 201

References

secunia.com/advisories/11554

securitytracker.com/id?1010061

www.osvdb.org/5907

www.osvdb.org/5908

www.osvdb.org/5909

www.osvdb.org/5910

www.osvdb.org/5911

www.phpx.org/project.php?action=view&project_id=1

www.securityfocus.com/archive/1/362230

www.securityfocus.com/bid/10284

8 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.033 Low

EPSS

Percentile

91.3%

JSON

Related for CVE-2004-2364

exploitpack1 exploitdb1