CVE-2008-7214
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.
Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en administrator/index2.php en MOStlyCE anterior a la v2.4, como la usada en Mambo v4.6.3, permite a atacantes remotos secuestrar la autenticación de administradores para peticiones que añaden nuevas cuentas de administradores a través de una tarea guardada en una acción com_users, como se demostró usando una vulnerabilidad cross site scripting (XSS) separada en mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-09-11 CVE Reserved
- 2009-09-11 CVE Published
- 2023-03-23 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html | Mailing List | |
| http://forum.mambo-foundation.org/showthread.php?t=10158 | X_refsource_confirm | |
| http://www.securityfocus.com/archive/1/487128/100/200/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39985 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://osvdb.org/42531 | 2024-08-07 | |
| http://www.bugreport.ir/index_33.htm | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/28670 | 2018-10-11 | |
| http://www.vupen.com/english/advisories/2008/0325 | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mambo-foundation Search vendor "Mambo-foundation" | Mambo Search vendor "Mambo-foundation" for product "Mambo" | <= 4.6.3 Search vendor "Mambo-foundation" for product "Mambo" and version " <= 4.6.3" | - |
Affected
| in | Brilaps Search vendor "Brilaps" | Mostlyce Search vendor "Brilaps" for product "Mostlyce" | <= 2.0 Search vendor "Brilaps" for product "Mostlyce" and version " <= 2.0" | - |
Affected
|
| Mambo-foundation Search vendor "Mambo-foundation" | Mambo Search vendor "Mambo-foundation" for product "Mambo" | 4.6.2 Search vendor "Mambo-foundation" for product "Mambo" and version "4.6.2" | - |
Affected
| in | Brilaps Search vendor "Brilaps" | Mostlyce Search vendor "Brilaps" for product "Mostlyce" | <= 2.0 Search vendor "Brilaps" for product "Mostlyce" and version " <= 2.0" | - |
Affected
|