CVE-2015-1374

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Bounce Attack
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 27/01/15 - Updated on 28/01/15

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks.

Category: Bounce Attack

CWE-352 (Cross-Site Request Forgery (CSRF))
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Security Notices

US National Vulnerability DatabaseCVE-2015-1374

Exploits

Exploit-DBEDB-35914

Relative technologies

VendorProduct
ferretcms_projectferretcms

Share this vulnerability with:

Twitter Facebook LinkedIn Mail