Lucene search

[email protected]CVE-2008-0266

HistoryJan 15, 2008 - 8:00 p.m.

CVE-2008-0266

2008-01-1520:00:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2008-0266

csrf

eticket

security vulnerability

admin.php

nvd

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

8 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.6%

JSON

Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.

Affected configurations

NVD

Node

eticketeticketMatch1.5.5.2

CPENameOperatorVersion
eticket:eticketeticketeq1.5.5.2

CPE	Name	Operator	Version
eticket:eticket	eticket	eq	1.5.5.2

References

secunia.com/advisories/28331

securityreason.com/securityalert/3542

www.securityfocus.com/archive/1/485835/100/0/threaded

www.securityfocus.com/bid/27173

exchange.xforce.ibmcloud.com/vulnerabilities/39490

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

8 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for CVE-2008-0266

prion1 cvelist1 nvd1