Lucene search

[email protected]CVE-2008-1981

HistoryApr 27, 2008 - 8:05 p.m.

CVE-2008-1981

2008-04-2720:05:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2008-1981

cross-site request forgery

csrf

e-publish

drupal

vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.5%

JSON

Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.

Affected configurations

NVD

Node

e-publish_projecte-publishMatch5.x-1.0drupal

e-publish_projecte-publishMatch5.x-1.xdevdrupal

e-publish_projecte-publishMatch6.x-1.xdevdrupal

CPENameOperatorVersion
e-publish_project:e-publishe-publish project e-publisheq5.x-1.0
e-publish_project:e-publishe-publish project e-publisheq5.x-1.x
e-publish_project:e-publishe-publish project e-publisheq6.x-1.x

CPE	Name	Operator	Version
e-publish_project:e-publish	e-publish project e-publish	eq	5.x-1.0
e-publish_project:e-publish	e-publish project e-publish	eq	5.x-1.x
e-publish_project:e-publish	e-publish project e-publish	eq	6.x-1.x

References

drupal.org/node/250408

secunia.com/advisories/29960

www.vupen.com/english/advisories/2008/1353/references

exchange.xforce.ibmcloud.com/vulnerabilities/41978

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

48.5%

JSON

Related for CVE-2008-1981

nvd1 cvelist1 prion1