Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19448
HistoryApr 14, 2010 - 12:00 a.m.

Pulse CMS view.php页面跨站请求伪造漏洞

2010-04-1400:00:00
Root
www.seebug.org
13

0.002 Low

EPSS

Percentile

52.5%

JSON

BUGTRAQ ID: 38356
CVE ID: CVE-2010-0992

Pulse是一个Web应用程序开发框架和门户网站搭建解决方案。

Pulse CMS没有执行充分的有效性检查便允许用户通过HTTP请求执行某些操作,如果已登录用户访问了恶意网站就会允许远程攻击者劫持用户的认证,代表该用户执行上传图形或删除文件或创建块等请求。

Pulse CMS Pulse CMS Basic 1.2.3
Pulse CMS Pulse CMS Basic 1.2.2
厂商补丁:

Pulse CMS

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://pulsecms.com/download.php

Related

cve 1
securityvulns 1
prion 1
cve
cve
CVE-2010-0992
2010-04-09 17:30:00
securityvulns
securityvulns
Secunia Research: Pulse CMS Cross-Site Request Forgery
2010-04-12 00:00:00
prion
prion
Cross site request forgery (csrf)
2010-04-09 17:30:00

0.002 Low

EPSS

Percentile

52.5%

JSON
Related for SSV:19448
cve1securityvulns1prion1