Lucene search

[email protected]CVE-2015-4119

HistoryJun 15, 2015 - 3:59 p.m.

CVE-2015-4119

2015-06-1515:59:00

CWE-352

[email protected]

web.nvd.nist.gov

cve-2015-4119

csrf

ispconfig

authentication hijacking

sql injection

nvd

8.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.3%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php.

CPENameOperatorVersion
ispconfig:ispconfigispconfigle3.0.5.4

CPE	Name	Operator	Version
ispconfig:ispconfig	ispconfig	le	3.0.5.4

References

bugtracker.ispconfig.org/index.php?do=details&task_id=3898

packetstormsecurity.com/files/132238/ISPConfig-3.0.5.4p6-SQL-Injection-Cross-Site-Request-Forgery.html

www.securityfocus.com/archive/1/535734/100/0/threaded

www.securityfocus.com/bid/75126

www.exploit-db.com/exploits/37259/

www.htbridge.com/advisory/HTB23260

8.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.3%

JSON

Related for CVE-2015-4119

prion2 cvelist2 seebug1 securityvulns2 packetstorm1 exploitpack1 zdt1 htbridge1 cve1 exploitdb1