VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-2294

plume-cms: Cross-site request forgery (CSRF) vulnerability in ...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2294

Original

Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and possibly earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-06-15

Source Information Category:

Advisory, Alert

Last Updated:

2010-06-15

Affected Product Tags

cpe:/a:pxsystem:plume-cms:1.2.4

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BUGTRAQ 20100609 [MajorSecurity SA-070]Plume CMS - change Admin Password via Cross-site Request Forgery

SECUNIA 40133

VUPEN ADV-2010-1430

Vulnerability Type Cross-Site Request Forgery (CSRF) (CWE-352)

XF plumecms-password-csrf(59308)