CVE-2008-6729

{"id": "CVE-2008-6729", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-04-20T14:30:00.390", "references": [{"url": "http://osvdb.org/50999", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33309", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47585", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/7557", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/50999", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/33309", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47585", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/7557", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados(CSRF) en password.php de PHPmotion v2.1 y anteriores. Permiten a usuarios remotos secuestrar (hijack) la autenticaci\u00f3n de usuarios aleatorios a trav\u00e9s de las peticiones que modifican la cuenta de usuario mediante (1) el par\u00e1metro \"password\" (contrase\u00f1a) o (2) el par\u00e1metro \"email_address\" (direcci\u00f3n de e-mail)."}], "lastModified": "2024-11-21T00:57:19.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpmotion:phpmotion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD84931B-60C2-4926-A1C2-D2975EAB99FF", "versionEndIncluding": "2.1"}, {"criteria": "cpe:2.3:a:phpmotion:phpmotion:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC5BE53E-218B-47E9-A6B1-99BEE23CE9B4"}, {"criteria": "cpe:2.3:a:phpmotion:phpmotion:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE3A4CB2-5934-4333-9FFE-D4728B62F0D1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}