Lucene search

MitreCVE-2008-3938

HistorySep 05, 2008 - 3:08 p.m.

CVE-2008-3938

2008-09-0515:08:00

CWE-352

mitre

web.nvd.nist.gov

cve-2008-3938

cross-site request forgery

csrf

open media collectors database

opendb

security vulnerability

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

Confidence

High

EPSS

0.001

Percentile

48.3%

JSON

Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action.

Affected configurations

Nvd

Node

opendbopendbMatch1.0.6

VendorProductVersionCPE
opendbopendb1.0.6cpe:2.3:a:opendb:opendb:1.0.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opendb	opendb	1.0.6	cpe:2.3:a:opendb:opendb:1.0.6:::::::*

References

packetstorm.linuxsecurity.com/0808-exploits/omcd-xssxsrf.txt

secunia.com/advisories/31719

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score

Confidence

High

EPSS

0.001

Percentile

48.3%

JSON

Related for CVE-2008-3938