CVE-2008-7214

NONECVSS 0.0

0.0

Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.

🔗 References (16)

cve@mitrehttp://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html
cve@mitrehttp://forum.mambo-foundation.org/showthread.php?t=10158
cve@mitrehttp://osvdb.org/42531
cve@mitrehttp://secunia.com/advisories/28670
cve@mitrehttp://www.bugreport.ir/index_33.htm
cve@mitrehttp://www.securityfocus.com/archive/1/487128/100/200/threaded
cve@mitrehttp://www.vupen.com/english/advisories/2008/0325
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/39985
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html
af854a3a-2127-422b-91ae-364da2661108http://forum.mambo-foundation.org/showthread.php?t=10158
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/42531
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28670
af854a3a-2127-422b-91ae-364da2661108http://www.bugreport.ir/index_33.htm
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/487128/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0325

Is Your Infrastructure Affected by CVE-2008-7214?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-7214

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-7214?