Lucene search

GoogleOSV:CVE-2018-17081

HistorySep 26, 2018 - 9:29 p.m.

CVE-2018-17081

2018-09-2621:29:01

Google

osv.dev

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

7.1 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.2%

JSON

e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.

CPENameOperatorVersion
e107eq2.0alpha
e107eq2.1
e107eq2.1.0
e107eq2.1.5
e107eq2.1.8
e107eq2.0-alpha2
e107eq2.0-beta1
e107eq2.1.7
e107eq2.1.9
e107eq2.1.1

Name	Operator	Version
e107	eq	2.0alpha
e107	eq	2.1
e107	eq	2.1.0
e107	eq	2.1.5
e107	eq	2.1.8
e107	eq	2.0-alpha2
e107	eq	2.0-beta1
e107	eq	2.1.7
e107	eq	2.1.9
e107	eq	2.1.1

Rows per page:

1-10 of 151

References

github.com/himanshurahi/e107_2.1.9_CSRF_POC

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

7.1 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

44.2%

JSON

Related for OSV:CVE-2018-17081