CVE-2010-3603 in mojoPortalinfo

Summary

Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Responsible

Reservation

09/24/2010

Disclosure

09/24/2010

Moderation

VulDB entry created

Entries

VDB-54845

CPE

ready

CWE

CWE-352 (Confirmed)

Exploit

Download

CVSS

6.3

EPSS

0.04218

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2010-3603
NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-3603
CVE Details	https://www.cvedetails.com/cve/CVE-2010-3603/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!