Lucene search

[email protected]CVE-2008-3925

HistorySep 04, 2008 - 6:41 p.m.

CVE-2008-3925

2008-09-0418:41:00

CWE-352

[email protected]

web.nvd.nist.gov

cve

2008

3925

csrf

cmme

admin.php

remote attackers

logout action

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.6%

JSON

Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action.

Affected configurations

NVD

Node

hans_oesterholtcmmeMatch1.12

CPENameOperatorVersion
hans_oesterholt:cmmehans oesterholt cmmeeq1.12

CPE	Name	Operator	Version
hans_oesterholt:cmme	hans oesterholt cmme	eq	1.12

References

securityreason.com/securityalert/4220

exchange.xforce.ibmcloud.com/vulnerabilities/44686

www.exploit-db.com/exploits/6313

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.6%

JSON

Related for CVE-2008-3925

prion1 cvelist1 nvd1