Metric | Value |
---|---|
CVSS2 score | 6.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
AI Score | 7.5 High |
AI Score Confidence | Low |
EPSS | 0.006 Low |
EPSS Percentile | 79.4% |

Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter.
CPE | Name | Operator | Version |
---|---|---|---|
aspcodecms:aspcode_cms | aspcodecms aspcode cms | eq | 1.5.8 |
aspcodecms:aspcode_cms | aspcodecms aspcode cms | eq | 2.0.0 |