Lucene search
MitreCVE-2014-2916HistoryMay 05, 2014 - 4:07 p.m.
CVE-2014-2916
2014-05-0516:07:06
CWE-352
mitre
web.nvd.nist.gov
24
cve-2014-2916
csrf
vulnerability
subscription page editor
phplist
authentication
administrators
remote attackers
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.003
Percentile
70.6%
Cross-site request forgery (CSRF) vulnerability in the subscription page editor (spageedit) in phpList before 3.0.6 allows remote attackers to hijack the authentication of administrators via a request to admin/.
Affected configurations
Node
phplistphplistRange≤3.0.5
ORphplistphplistMatch3.0.0
ORphplistphplistMatch3.0.1
ORphplistphplistMatch3.0.2
ORphplistphplistMatch3.0.3
ORphplistphplistMatch3.0.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phplist | phplist | * | cpe:2.3:a:phplist:phplist:*:*:*:*:*:*:*:* |
| phplist | phplist | 3.0.0 | cpe:2.3:a:phplist:phplist:3.0.0:*:*:*:*:*:*:* |
| phplist | phplist | 3.0.1 | cpe:2.3:a:phplist:phplist:3.0.1:*:*:*:*:*:*:* |
| phplist | phplist | 3.0.2 | cpe:2.3:a:phplist:phplist:3.0.2:*:*:*:*:*:*:* |
| phplist | phplist | 3.0.3 | cpe:2.3:a:phplist:phplist:3.0.3:*:*:*:*:*:*:* |
| phplist | phplist | 3.0.4 | cpe:2.3:a:phplist:phplist:3.0.4:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-2916
2014-05-05 16:00:00
prion
prion
Cross site request forgery (csrf)
2014-05-05 16:07:00
nvd
nvd
CVE-2014-2916
2014-05-05 16:07:06
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
Low
EPSS
0.003
Percentile
70.6%
Related for CVE-2014-2916