CVE-2014-4718 in Lunar CMSinfo

Zusammenfassung (Englisch)

Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservieren

03.07.2014

Veröffentlichung

03.07.2014

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
70264	Lunarcms Lunar CMS Cross Site Request Forgery	352	Proof-of-Concept	Offizieller Fix	CVE-2014-4718

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

MITRE
NVD
CVE Details

◂ ZurückÜbersichtWeiter ▸

Do you need the next level of professionalism?

Upgrade your account now!