CVE-2010-3603
mojoportal - Multiple Vulnerabilities
Public Exploits: 4
Exploited in Wild: -
Descriptions
Cross-site request forgery (CSRF) vulnerability in the file manager service (Services/FileService.ashx) in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to hijack the authentication of administrators for requests that rename arbitrary files, as demonstrated by causing the user.config file to be moved, leading to a denial of service (service stop) and possibly the exposure of sensitive information.
Timeline
- 2010-09-16 First Exploit
- 2010-09-24 CVE Reserved
- 2010-09-24 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
References (8)
URL | Tag | Source
---|---|---
http://osvdb.org/68060 | Vdb Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/61834 | Vdb Entry |

URL | Date | SRC
---|---|---
https://www.exploit-db.com/exploits/15018 | 2010-09-16 |
http://packetstormsecurity.org/1009-advisories/moaub16-mojoportal.pdf | 2024-08-07 |
http://packetstormsecurity.org/1009-exploits/moaub-mojoportal.txt | 2024-08-07 |
http://www.exploit-db.com/exploits/15018 | 2024-08-07 |

URL | Date | SRC
---|---|---
http://www.mojoportal.com/mojoportal-2352-released.aspx | 2017-08-17 |

URL | Date | SRC
---|---|---
http://secunia.com/advisories/41481 | 2017-08-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Sourcetreesolutions | Mojoportal | 2.3.4.3 | - | Affected
Sourcetreesolutions | Mojoportal | 2.3.5.1 | - | Affected