Lucene search

MitreCVE-2008-7204

HistorySep 11, 2009 - 4:30 p.m.

CVE-2008-7204

2009-09-1116:30:00

CWE-352

mitre

web.nvd.nist.gov

virtuemart

csrf

security

vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

52.7%

JSON

Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

Affected configurations

Nvd

Node

virtuemartvirtuemartRange≤1.0.13

virtuemartvirtuemartMatch1.0.0

virtuemartvirtuemartMatch1.0.7

virtuemartvirtuemartMatch1.0.8

virtuemartvirtuemartMatch1.0.9

virtuemartvirtuemartMatch1.0.10

virtuemartvirtuemartMatch1.0.11

virtuemartvirtuemartMatch1.0.12

virtuemartvirtuemartMatch1.1

VendorProductVersionCPE
virtuemartvirtuemart*cpe:2.3:a:virtuemart:virtuemart:*:*:*:*:*:*:*:*
virtuemartvirtuemart1.0.0cpe:2.3:a:virtuemart:virtuemart:1.0.0:*:*:*:*:*:*:*
virtuemartvirtuemart1.0.7cpe:2.3:a:virtuemart:virtuemart:1.0.7:*:*:*:*:*:*:*
virtuemartvirtuemart1.0.8cpe:2.3:a:virtuemart:virtuemart:1.0.8:*:*:*:*:*:*:*
virtuemartvirtuemart1.0.9cpe:2.3:a:virtuemart:virtuemart:1.0.9:*:*:*:*:*:*:*
virtuemartvirtuemart1.0.10cpe:2.3:a:virtuemart:virtuemart:1.0.10:*:*:*:*:*:*:*
virtuemartvirtuemart1.0.11cpe:2.3:a:virtuemart:virtuemart:1.0.11:*:*:*:*:*:*:*
virtuemartvirtuemart1.0.12cpe:2.3:a:virtuemart:virtuemart:1.0.12:*:*:*:*:*:*:*
virtuemartvirtuemart1.1cpe:2.3:a:virtuemart:virtuemart:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
virtuemart	virtuemart	*	cpe:2.3:a:virtuemart:virtuemart::::::::
virtuemart	virtuemart	1.0.0	cpe:2.3:a:virtuemart:virtuemart:1.0.0:::::::*
virtuemart	virtuemart	1.0.7	cpe:2.3:a:virtuemart:virtuemart:1.0.7:::::::*
virtuemart	virtuemart	1.0.8	cpe:2.3:a:virtuemart:virtuemart:1.0.8:::::::*
virtuemart	virtuemart	1.0.9	cpe:2.3:a:virtuemart:virtuemart:1.0.9:::::::*
virtuemart	virtuemart	1.0.10	cpe:2.3:a:virtuemart:virtuemart:1.0.10:::::::*
virtuemart	virtuemart	1.0.11	cpe:2.3:a:virtuemart:virtuemart:1.0.11:::::::*
virtuemart	virtuemart	1.0.12	cpe:2.3:a:virtuemart:virtuemart:1.0.12:::::::*
virtuemart	virtuemart	1.1	cpe:2.3:a:virtuemart:virtuemart:1.1:::::::*

References

osvdb.org/41762

secunia.com/advisories/28722

virtuemart.net/index.php?option=com_content&task=view&id=276&Itemid=127

exchange.xforce.ibmcloud.com/vulnerabilities/40117

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

52.7%

JSON

Related for CVE-2008-7204