Lucene search

[email protected]CVE-2008-6729

HistoryApr 20, 2009 - 2:30 p.m.

CVE-2008-6729

2009-04-2014:30:00

CWE-352

[email protected]

web.nvd.nist.gov

phpmotion

password.php

csrf

vulnerabilities

nvd

cve-2008-6729

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.5%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.

Affected configurations

NVD

Node

phpmotionphpmotionRange≤2.1

phpmotionphpmotionMatch1.0

phpmotionphpmotionMatch2.0

CPENameOperatorVersion
phpmotion:phpmotionphpmotionle2.1
phpmotion:phpmotionphpmotioneq1.0
phpmotion:phpmotionphpmotioneq2.0

CPE	Name	Operator	Version
phpmotion:phpmotion	phpmotion	le	2.1
phpmotion:phpmotion	phpmotion	eq	1.0
phpmotion:phpmotion	phpmotion	eq	2.0

References

osvdb.org/50999

secunia.com/advisories/33309

exchange.xforce.ibmcloud.com/vulnerabilities/47585

www.exploit-db.com/exploits/7557

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.5%

JSON

Related for CVE-2008-6729

cvelist1 nvd1 prion1