CVE-2008-6585
TorrentFlux 2.3 - 'admin.php' Cross-Site Request Forgery (Add Admin)
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.
Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en html/admin.php en TorrentFlux v2.3 permite a atacantes remotos secuestrar la autenticación de los administradores para realizar peticiones que añadan nuevas cuentas a través de la acción "addUser".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-04-18 First Exploit
- 2009-04-03 CVE Reserved
- 2009-04-03 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/44646 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/491066/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/28846 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41926 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/31671 | 2008-04-18 | |
| http://secunia.com/advisories/29935 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Torrentflux Search vendor "Torrentflux" | Torrentflux Search vendor "Torrentflux" for product "Torrentflux" | 2.3 Search vendor "Torrentflux" for product "Torrentflux" and version "2.3" | - |
Affected
| ||||||