CVE-2015-5075
новости
/
статьи
/
программы
/
поиск
/
[RU]
switch to
English
CVE
CVE-2015-5075
Статус
Candidate
Описание
Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.
Важность
Medium
CVSS score
6,8
CVSS vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Phase
Assigned (26.06.2015)
NVD:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5075
References
FULLDISC :
20150925 CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine
MISC :
https://www.portcullis-security.com/security-resea...
SecurityVulns:
Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
О сайте
|
Условия использования
©
SecurityVulns
,
3APA3A
, Владимир Дубровин
Нижний Новгород
Enter your search terms
Web
securityvulns.ru
Submit search form