History: Dec 15, 2008 - 6:00 p.m.

CVE-2008-5567

2008-12-15 18:00:00
CWE-352
mitre
web.nvd.nist.gov
24
cve-2008-5567
cross-site request forgery
csrf
admin password
bonza cart 1.10
security vulnerability

CVSS2: 6.8
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 7
Confidence: Low

EPSS: 0.005
Percentile: 75.5%

Cross-site request forgery (CSRF) vulnerability in admin/ad_settings.php in Bonza Cart 1.10 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the NewAdmin, NewPass1, and NewPass2 parameters.

Affected configurations

Nvd
Node: bonzacart bonza_cart, Range 1.10

Vendor | Product | Version | CPE
bonzacart | bonza_cart | * | cpe:2.3:a:bonzacart:bonza_cart:*:*:*:*:*:*:*:*
