Lucene search

[email protected]CVE-2008-7221

HistorySep 14, 2009 - 2:30 p.m.

CVE-2008-7221

2009-09-1414:30:00

CWE-352

[email protected]

web.nvd.nist.gov

cve

2008

7221

csrf

vulnerability

runcms

1.6.1

remote attackers

hijack

authentication

administrators

add new administrators

modify user profiles

crafted request

system

admin.php

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.1%

JSON

Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php.

Affected configurations

NVD

Node

runcmsruncmsMatch1.6.1

CPENameOperatorVersion
runcms:runcmsruncmseq1.6.1

CPE	Name	Operator	Version
runcms:runcms	runcms	eq	1.6.1

References

www.securityfocus.com/archive/1/488287/100/200/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/40628

7.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.1%

JSON

Related for CVE-2008-7221

prion1 cvelist1 nvd1