Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
References
Configurations
History
21 Nov 2024, 02:00
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/94778 - | |
References | () http://seclists.org/bugtraq/2013/Jul/27 - Exploit | |
References | () https://www.htbridge.com/advisory/HTB23155 - Exploit |
Information
Published : 2014-05-14 19:55
Updated : 2024-11-21 02:00
NVD link : CVE-2013-7376
Mitre link : CVE-2013-7376
CVE.ORG link : CVE-2013-7376
JSON object : View
Products Affected
openx
- openx
CWE
CWE-352
Cross-Site Request Forgery (CSRF)