Lucene search
MitreCVELIST:CVE-2014-4718HistoryJul 03, 2014 - 2:00 p.m.
CVE-2014-4718
2014-07-0314:00:00
mitre
www.cve.org
3
csrf vulnerabilities
lunar cms
remote attackers
administrator authentication
cross-site scripting
contact form parameter
Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.
References
lunarcms.com/Get.html
osvdb.org/show/osvdb/108350
osvdb.org/show/osvdb/108351
packetstormsecurity.com/files/127188/Lunar-CMS-3.3-CSRF-Cross-Site-Scripting.html
secunia.com/advisories/59411
www.exploit-db.com/exploits/33830
www.securityfocus.com/bid/68153
www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5188.php
Related
prion
prion
Cross site request forgery (csrf)
2014-07-03 14:55:00
zeroscience
zeroscience
Lunar CMS 3.3 CSRF And Stored XSS Vulnerability
2014-06-21 00:00:00
exploitdb
exploitdb
Lunar CMS 3.3 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
2014-06-21 00:00:00
nvd
nvd
CVE-2014-4718
2014-07-03 14:55:09
cve
cve
CVE-2014-4718
2014-07-03 14:55:09