Lucene search
MitreCVE-2013-2754HistoryMar 11, 2014 - 7:37 p.m.
CVE-2013-2754
2014-03-1119:37:01
CWE-352
mitre
web.nvd.nist.gov
35
cve
2013
2754
csrf
vulnerability
umisoft
umi.cms
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.011
Percentile
84.3%
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.
Affected configurations
Node
umi-cmsumi.cmsRange≤2.9
ORumi-cmsumi.cmsMatch2.3.3.9
ORumi-cmsumi.cmsMatch2.5.0
ORumi-cmsumi.cmsMatch2.5.2
ORumi-cmsumi.cmsMatch2.5.3
ORumi-cmsumi.cmsMatch2.6
ORumi-cmsumi.cmsMatch2.6.1
ORumi-cmsumi.cmsMatch2.6.2
ORumi-cmsumi.cmsMatch2.6.3
ORumi-cmsumi.cmsMatch2.6.4
ORumi-cmsumi.cmsMatch2.6.5
ORumi-cmsumi.cmsMatch2.6.7
ORumi-cmsumi.cmsMatch2.6.8
ORumi-cmsumi.cmsMatch2.7.0
ORumi-cmsumi.cmsMatch2.7.2
ORumi-cmsumi.cmsMatch2.7.3
ORumi-cmsumi.cmsMatch2.7.4
ORumi-cmsumi.cmsMatch2.8.0
ORumi-cmsumi.cmsMatch2.8.0.5
ORumi-cmsumi.cmsMatch2.8.1
ORumi-cmsumi.cmsMatch2.8.1.2
ORumi-cmsumi.cmsMatch2.8.1.3
ORumi-cmsumi.cmsMatch2.8.2
ORumi-cmsumi.cmsMatch2.8.3
ORumi-cmsumi.cmsMatch2.8.4
ORumi-cmsumi.cmsMatch2.8.4.1
ORumi-cmsumi.cmsMatch2.8.4.2
ORumi-cmsumi.cmsMatch2.8.4.3
ORumi-cmsumi.cmsMatch2.8.4.4
ORumi-cmsumi.cmsMatch2.8.5
ORumi-cmsumi.cmsMatch2.8.5.1
ORumi-cmsumi.cmsMatch2.8.5.2
ORumi-cmsumi.cmsMatch2.8.5.3
ORumi-cmsumi.cmsMatch2.8.6
ORumi-cmsumi.cmsMatch2.8.6.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| umi-cms | umi.cms | * | cpe:2.3:a:umi-cms:umi.cms:*:*:*:*:*:*:*:* |
| umi-cms | umi.cms | 2.3.3.9 | cpe:2.3:a:umi-cms:umi.cms:2.3.3.9:*:*:*:*:*:*:* |
| umi-cms | umi.cms | 2.5.0 | cpe:2.3:a:umi-cms:umi.cms:2.5.0:*:*:*:*:*:*:* |
| umi-cms | umi.cms | 2.5.2 | cpe:2.3:a:umi-cms:umi.cms:2.5.2:*:*:*:*:*:*:* |
| umi-cms | umi.cms | 2.5.3 | cpe:2.3:a:umi-cms:umi.cms:2.5.3:*:*:*:*:*:*:* |
| umi-cms | umi.cms | 2.6 | cpe:2.3:a:umi-cms:umi.cms:2.6:*:*:*:*:*:*:* |
| umi-cms | umi.cms | 2.6.1 | cpe:2.3:a:umi-cms:umi.cms:2.6.1:*:*:*:*:*:*:* |
| umi-cms | umi.cms | 2.6.2 | cpe:2.3:a:umi-cms:umi.cms:2.6.2:*:*:*:*:*:*:* |
| umi-cms | umi.cms | 2.6.3 | cpe:2.3:a:umi-cms:umi.cms:2.6.3:*:*:*:*:*:*:* |
| umi-cms | umi.cms | 2.6.4 | cpe:2.3:a:umi-cms:umi.cms:2.6.4:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
UMI CMS 2.9 - Cross-Site Request Forgery
2013-05-14 00:00:00
exploitpack
exploitpack
UMI CMS 2.9 - Cross-Site Request Forgery
2013-05-14 00:00:00
securityvulns
securityvulns
Cross-Site Request Forgery (CSRF) in UMI.CMS
2013-05-10 00:00:00
cvelist
cvelist
CVE-2013-2754
2014-03-11 15:00:00
nvd
nvd
CVE-2013-2754
2014-03-11 19:37:01
packetstorm
packetstorm
UMI.CMS 2.9 Cross Site Request Forgery
2013-05-08 00:00:00
zdt
zdt
UMI.CMS 2.9 Cross Site Request Forgery Vulnerability
2013-05-09 00:00:00
htbridge
htbridge
Cross-Site Request Forgery (CSRF) in UMI.CMS
2013-04-03 00:00:00
prion
prion
Cross site request forgery (csrf)
2014-03-11 19:37:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.011
Percentile
84.3%
Related for CVE-2013-2754