Lucene search

MitreCVE-2008-0266

HistoryJan 15, 2008 - 8:00 p.m.

CVE-2008-0266

2008-01-1520:00:00

CWE-352

mitre

web.nvd.nist.gov

cve-2008-0266

csrf

eticket

security vulnerability

admin.php

nvd

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.011

Percentile

84.9%

JSON

Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.

Affected configurations

Nvd

Node

eticketeticketMatch1.5.5.2

VendorProductVersionCPE
eticketeticket1.5.5.2cpe:2.3:a:eticket:eticket:1.5.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
eticket	eticket	1.5.5.2	cpe:2.3:a:eticket:eticket:1.5.5.2:::::::*

References

secunia.com/advisories/28331

securityreason.com/securityalert/3542

www.securityfocus.com/archive/1/485835/100/0/threaded

www.securityfocus.com/bid/27173

exchange.xforce.ibmcloud.com/vulnerabilities/39490

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.011

Percentile

84.9%

JSON

Related for CVE-2008-0266