Lucene search

[email protected]CVE-2008-0198

HistoryJan 10, 2008 - 12:46 a.m.

CVE-2008-0198

2008-01-1000:46:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2008-0198

csrf

vulnerabilities

wp-contactform

wordpress

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.1%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php.

Affected configurations

NVD

Node

wp-contactform_projectwp-contactformMatch1.5alphawordpress

CPENameOperatorVersion
wp-contactform_project:wp-contactformwp-contactform project wp-contactformeq1.5

CPE	Name	Operator	Version
wp-contactform_project:wp-contactform	wp-contactform project wp-contactform	eq	1.5

References

lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html

securityreason.com/securityalert/3539

securityvulns.ru/Sdocument546.html

securityvulns.ru/Sdocument667.html

websecurity.com.ua/1600/

websecurity.com.ua/1641/

www.securityfocus.com/archive/1/485786/100/0/threaded

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for CVE-2008-0198

cvelist1 nvd1 patchstack1 prion1