CVE-2007-5918 in MS TopSites

Summary

Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php.

Reservation: 11/09/2007

Disclosure: 11/09/2007

CPE: ready

Exploit: Download

CVSS: 5.5

EPSS: 0.00195

Activities: Very Low
