CVE-2010-2294

2010-06-1501:00:00

mitre

www.cve.org

AI Score

7.3

Confidence

Low

EPSS

0.002

Percentile

52.7%

JSON

Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and possibly earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.

References

secunia.com/advisories/40133

www.securityfocus.com/archive/1/511761/100/0/threaded

www.vupen.com/english/advisories/2010/1430

exchange.xforce.ibmcloud.com/vulnerabilities/59308