Lucene search

[email protected]CVE-2008-7151

HistorySep 01, 2009 - 4:30 p.m.

CVE-2008-7151

2009-09-0116:30:00

CWE-352

[email protected]

web.nvd.nist.gov

csrf

vulnerability

drupal

live 5.x

nvd

remote attackers

authentication

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.5%

JSON

Cross-site request forgery (CSRF) vulnerability in Live 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to hijack the authentication of unspecified privileged users for requests that can be leveraged to execute arbitrary PHP code.

Affected configurations

NVD

Node

gurpartap_singhliveMatch5.x-1.x-dev

AND

drupaldrupal

CPENameOperatorVersion
gurpartap_singh:livegurpartap singh liveeq5.x-1.x-dev

CPE	Name	Operator	Version
gurpartap_singh:live	gurpartap singh live	eq	5.x-1.x-dev

References

drupal.org/node/236607

drupal.org/node/236609

exchange.xforce.ibmcloud.com/vulnerabilities/41754

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.5%

JSON

Related for CVE-2008-7151

nvd1 cvelist1 prion1