Lucene search

MitreCVE-2015-2083

HistoryFeb 25, 2015 - 10:59 p.m.

CVE-2015-2083

2015-02-2522:59:03

CWE-352

mitre

web.nvd.nist.gov

cve

2015

2083

cross-site request forgery

csrf

vulnerability

ilch cms

remote attackers

hijack

authentication

administrators

profile field

profilefields

admin.php

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

52.4%

JSON

Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php.

Affected configurations

Nvd

Node

ilchcms

VendorProductVersionCPE
ilchcms*cpe:2.3:a:ilch:cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ilch	cms	*	cpe:2.3:a:ilch:cms::::::::

References

packetstormsecurity.com/files/130441/Ilch-CMS-Cross-Site-Request-Forgery.html

www.securityfocus.com/bid/74898

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

52.4%

JSON

Related for CVE-2015-2083