Lucene search

[email protected]NVD:CVE-2004-2364

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2364

2004-12-3105:00:00

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.8 High

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.4%

JSON

Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.

Affected configurations

NVD

Node

phpxphpxMatch3.0.0

phpxphpxMatch3.0.1

phpxphpxMatch3.0.2

phpxphpxMatch3.0.3

phpxphpxMatch3.0.4

phpxphpxMatch3.0.5

phpxphpxMatch3.0.6

phpxphpxMatch3.0.7

phpxphpxMatch3.1.0

phpxphpxMatch3.1.1

phpxphpxMatch3.1.2

phpxphpxMatch3.1.3

phpxphpxMatch3.1.4

phpxphpxMatch3.2.0

phpxphpxMatch3.2.1

phpxphpxMatch3.2.2

phpxphpxMatch3.2.3

phpxphpxMatch3.2.4

phpxphpxMatch3.2.5

phpxphpxMatch3.2.6

References

secunia.com/advisories/11554

securitytracker.com/id?1010061

www.osvdb.org/5907

www.osvdb.org/5908

www.osvdb.org/5909

www.osvdb.org/5910

www.osvdb.org/5911

www.phpx.org/project.php?action=view&project_id=1

www.securityfocus.com/archive/1/362230

www.securityfocus.com/bid/10284

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.8 High

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.4%

JSON

Related for NVD:CVE-2004-2364

cve1 exploitpack1 cvelist1 exploitdb1