Lucene search

MitreCVE-2010-2039

HistoryMay 25, 2010 - 2:30 p.m.

CVE-2010-2039

2010-05-2514:30:01

CWE-352

mitre

web.nvd.nist.gov

cve-2010-2039

cross-site request forgery

csrf vulnerability

gpeasy cms

authentication hijacking

admin_users action

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.014

Percentile

86.9%

JSON

Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an Admin_Users action to index.php. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

gpeasygpeasy_cmsRange≤1.6.2

gpeasygpeasy_cmsMatch1.5

gpeasygpeasy_cmsMatch1.5rc2

gpeasygpeasy_cmsMatch1.5rc3

gpeasygpeasy_cmsMatch1.5rc4

gpeasygpeasy_cmsMatch1.6

gpeasygpeasy_cmsMatch1.6rc1

gpeasygpeasy_cmsMatch1.6rc2

gpeasygpeasy_cmsMatch1.6rc3

gpeasygpeasy_cmsMatch1.6rc4

gpeasygpeasy_cmsMatch1.6rc5

gpeasygpeasy_cmsMatch1.6.1

gpeasygpeasy_cmsMatch1.6.3

VendorProductVersionCPE
gpeasygpeasy_cms*cpe:2.3:a:gpeasy:gpeasy_cms:*:*:*:*:*:*:*:*
gpeasygpeasy_cms1.5cpe:2.3:a:gpeasy:gpeasy_cms:1.5:*:*:*:*:*:*:*
gpeasygpeasy_cms1.5cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc2:*:*:*:*:*:*
gpeasygpeasy_cms1.5cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc3:*:*:*:*:*:*
gpeasygpeasy_cms1.5cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc4:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:*:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc1:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc2:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc3:*:*:*:*:*:*
gpeasygpeasy_cms1.6cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc4:*:*:*:*:*:*

Vendor	Product	Version	CPE
gpeasy	gpeasy_cms	*	cpe:2.3:a:gpeasy:gpeasy_cms::::::::
gpeasy	gpeasy_cms	1.5	cpe:2.3:a:gpeasy:gpeasy_cms:1.5:::::::*
gpeasy	gpeasy_cms	1.5	cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc2::::::
gpeasy	gpeasy_cms	1.5	cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc3::::::
gpeasy	gpeasy_cms	1.5	cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc4::::::
gpeasy	gpeasy_cms	1.6	cpe:2.3:a:gpeasy:gpeasy_cms:1.6:::::::*
gpeasy	gpeasy_cms	1.6	cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc1::::::
gpeasy	gpeasy_cms	1.6	cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc2::::::
gpeasy	gpeasy_cms	1.6	cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc3::::::
gpeasy	gpeasy_cms	1.6	cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc4::::::

Rows per page:

1-10 of 131

References

packetstormsecurity.org/1004-exploits/gpeasy-xsrf.txt

secunia.com/advisories/39643

www.exploit-db.com/exploits/12441

www.osvdb.org/64130

www.vupen.com/english/advisories/2010/1030

exchange.xforce.ibmcloud.com/vulnerabilities/58214

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.014

Percentile

86.9%

JSON

Related for CVE-2010-2039