CVE-2013-5977

{"id": "CVE-2013-5977", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2013-11-01T15:55:03.267", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0048.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://blog.noobroot.com/#%21/2013/10/0-day-wordpress-cart66-plugin-15114.html", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/98352", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/123587/WordPress-Cart66-1.5.1.14-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/bugtraq/2013/Oct/52", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/55265", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://wordpress.org/plugins/cart66-lite/changelog/", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/28959", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/62975", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87874", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0048.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://blog.noobroot.com/#%21/2013/10/0-day-wordpress-cart66-plugin-15114.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/98352", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/123587/WordPress-Cart66-1.5.1.14-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/bugtraq/2013/Oct/52", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55265", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://wordpress.org/plugins/cart66-lite/changelog/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/28959", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/62975", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87874", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php."}, {"lang": "es", "value": "Vulnerabilidad de Cross-site request Forgery (CSRF) en Cart66Product.php en el plugin Cart66 Lite anterior a 1.5.1.15 para WordPress que permite a atacantes remotos secuestrar la autenticaci\u00f3n de administrador para solicitudes de (1) crear o modificar productos o realizar ataques cross-site scripting (XSS) trav\u00e9s de la (2) nombre del producto o (3) campo de descripci\u00f3n de precio en una acci\u00f3n de guardado mediante una petici\u00f3n a wp-admin/admin.php."}], "lastModified": "2024-11-21T01:58:32.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:*:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "68C0EF0D-C49B-4993-B35E-A7BC6EA61564", "versionEndIncluding": "1.5.1.14"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.0.7:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C65804BE-3FC6-4C73-ADB0-A805D1EAE01A"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.0.8:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "371E7CC1-6859-44B4-AE99-E3190F3620B2"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.1:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F697161D-2D5F-4DE7-86B5-10E597604DA8"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.1.1:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9557CB90-B469-4596-BA81-6F23CAD9923B"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.1.2:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E8B66D0E-1A66-4643-9140-63963F569512"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.1.3:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D2FC3E76-CE79-4C5D-8E1B-87E421F68D89"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.1.4:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A6112DE0-E3FF-4290-8A9A-855415721904"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.1.5:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "90119BD7-294C-402F-B331-81C181DF1A33"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.1.6:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E0D546F1-3604-4732-86F1-7286E48DB9A2"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.3.0:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B79ED092-6857-4775-BC6C-B16804B5D043"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.4.0:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A8BC5054-8935-4BEE-83ED-19DCF413E067"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.4.1:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "EE41C341-A885-4839-B7AD-897796321493"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.4.2:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F9A0B51B-9A6F-4D25-90D0-F7696B436864"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.4.4:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0599A27A-287F-4714-AF1E-A9099221E7FE"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.4.7:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "24378CE0-5B57-4B56-A84D-3ABDCD1C7B79"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.4.8:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2BE2B92A-2025-4088-8E44-3B0C747A9496"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.4.9:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "64922AAC-04B8-46E8-91F7-8DA882E77593"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.5.0:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "BA022460-863A-4493-B3C2-BE173FE73F20"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.5.0.1:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "63EC1F83-63AE-4F00-9CB4-9097DD7496EE"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.5.0.2:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "47B98B4F-3F30-480E-9996-F96074295205"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.5.1:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F63BB3E7-6979-447D-BE4C-01F792A78D55"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.5.1.1:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "44B34A11-983F-4295-B076-ADCFF8D04DE5"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.5.1.2:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CE42650D-B3EA-40E8-B24F-971DF4FE30B2"}, {"criteria": "cpe:2.3:a:cart66:cart66_lite_plugin:1.5.1.8:-:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "83C98E5C-0795-4783-92DF-DE82678E0859"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}