PRIOn knowledge basePRION:CVE-2007-1244Cross site request forgery (csrf)
6.1 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.062 Low
EPSS
Percentile
93.4%
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
References
archives.neohapsis.com/archives/fulldisclosure/2007-02/0583.html
osvdb.org/33787
osvdb.org/33788
secunia.com/advisories/24566
www.gentoo.org/security/en/glsa/glsa-200703-23.xml
www.securityfocus.com/archive/1/461351/100/0/threaded
www.securityfocus.com/bid/22735
exchange.xforce.ibmcloud.com/vulnerabilities/32703
Related
6.1 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.062 Low
EPSS
Percentile
93.4%