Lucene search

MitreCVE-2008-6048

HistoryFeb 04, 2009 - 3:30 p.m.

CVE-2008-6048

2009-02-0415:30:01

CWE-352

mitre

web.nvd.nist.gov

cve-2008-6048

csrf

tangocms

hijack

authentication

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

41.7%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS before 2.2.0 allow remote attackers to hijack the authentication of administrators.

Affected configurations

Nvd

Node

tangocmstangocmsRange≤2.1.2

tangocmstangocmsMatch1.0.6

tangocmstangocmsMatch1.0.8

tangocmstangocmsMatch1.0.8.1

tangocmstangocmsMatch2.0.0

tangocmstangocmsMatch2.0.1

tangocmstangocmsMatch2.0.2

tangocmstangocmsMatch2.0.3

tangocmstangocmsMatch2.0.4

tangocmstangocmsMatch2.0.5

tangocmstangocmsMatch2.0.6

tangocmstangocmsMatch2.1.0

tangocmstangocmsMatch2.1.1

VendorProductVersionCPE
tangocmstangocms*cpe:2.3:a:tangocms:tangocms:*:*:*:*:*:*:*:*
tangocmstangocms1.0.6cpe:2.3:a:tangocms:tangocms:1.0.6:*:*:*:*:*:*:*
tangocmstangocms1.0.8cpe:2.3:a:tangocms:tangocms:1.0.8:*:*:*:*:*:*:*
tangocmstangocms1.0.8.1cpe:2.3:a:tangocms:tangocms:1.0.8.1:*:*:*:*:*:*:*
tangocmstangocms2.0.0cpe:2.3:a:tangocms:tangocms:2.0.0:*:*:*:*:*:*:*
tangocmstangocms2.0.1cpe:2.3:a:tangocms:tangocms:2.0.1:*:*:*:*:*:*:*
tangocmstangocms2.0.2cpe:2.3:a:tangocms:tangocms:2.0.2:*:*:*:*:*:*:*
tangocmstangocms2.0.3cpe:2.3:a:tangocms:tangocms:2.0.3:*:*:*:*:*:*:*
tangocmstangocms2.0.4cpe:2.3:a:tangocms:tangocms:2.0.4:*:*:*:*:*:*:*
tangocmstangocms2.0.5cpe:2.3:a:tangocms:tangocms:2.0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tangocms	tangocms	*	cpe:2.3:a:tangocms:tangocms::::::::
tangocms	tangocms	1.0.6	cpe:2.3:a:tangocms:tangocms:1.0.6:::::::*
tangocms	tangocms	1.0.8	cpe:2.3:a:tangocms:tangocms:1.0.8:::::::*
tangocms	tangocms	1.0.8.1	cpe:2.3:a:tangocms:tangocms:1.0.8.1:::::::*
tangocms	tangocms	2.0.0	cpe:2.3:a:tangocms:tangocms:2.0.0:::::::*
tangocms	tangocms	2.0.1	cpe:2.3:a:tangocms:tangocms:2.0.1:::::::*
tangocms	tangocms	2.0.2	cpe:2.3:a:tangocms:tangocms:2.0.2:::::::*
tangocms	tangocms	2.0.3	cpe:2.3:a:tangocms:tangocms:2.0.3:::::::*
tangocms	tangocms	2.0.4	cpe:2.3:a:tangocms:tangocms:2.0.4:::::::*
tangocms	tangocms	2.0.5	cpe:2.3:a:tangocms:tangocms:2.0.5:::::::*

Rows per page:

1-10 of 131

References

osvdb.org/50777

secunia.com/advisories/33206

tangocms.org/article/view/2.2.0-eagle-released%21

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

41.7%

JSON

Related for CVE-2008-6048