Lucene search

MitreCVE-2008-7192

HistorySep 09, 2009 - 7:30 p.m.

CVE-2008-7192

2009-09-0919:30:00

CWE-352

mitre

web.nvd.nist.gov

cve-2008-7192

cross-site request forgery

csrf vulnerability

woltlab burning board

authentication hijacking

remote attackers

private messages

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

60.3%

JSON

Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, and possibly other 3.x versions, allows remote attackers to hijack the authentication of users for requests that delete private messages via the pmID parameter in a delete action in a PM page, a different vulnerability than CVE-2008-0472.

Affected configurations

Nvd

Node

woltlabburning_boardMatch3.0.1

VendorProductVersionCPE
woltlabburning_board3.0.1cpe:2.3:a:woltlab:burning_board:3.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
woltlab	burning_board	3.0.1	cpe:2.3:a:woltlab:burning_board:3.0.1:::::::*

References

www.securityfocus.com/archive/1/487139/100/200/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/39990

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

60.3%

JSON

Related for CVE-2008-7192