Lucene search

[email protected]CVE-2010-1611

HistoryApr 29, 2010 - 7:30 p.m.

CVE-2010-1611

2010-04-2919:30:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2010-1611

alegrocart 1.1

csrf

vulnerability

remote attackers

authentication hijacking

administrator password reset

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 allows remote attackers to hijack the authentication of the administrator for requests that reset the administrator password via a POST to admin/ with an update action.

Affected configurations

NVD

Node

alegrocartalegrocartMatch1.1

CPENameOperatorVersion
alegrocart:alegrocartalegrocarteq1.1

CPE	Name	Operator	Version
alegrocart:alegrocart	alegrocart	eq	1.1

References

forum.alegrocart.com/viewtopic.php?f=8&t=54

osvdb.org/62073

packetstormsecurity.org/1002-exploits/alegrocart-xsrf.txt

secunia.com/advisories/38386

exchange.xforce.ibmcloud.com/vulnerabilities/56037

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2010-1611

prion1 nvd1 cvelist1