CVE-2007-5918
Severity:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
10/11/2007
Last modified:
15/10/2018
Description
Cross-site request forgery (CSRF) vulnerability in edit.php in the MS TopSites add-on for PHP-Nuke does not verify that the uname parameter matches the current account, which allows remote authenticated users to change arbitrary accounts or change the SiteTitleName field as an arbitrary user via a modified uname value in an edit action to modules.php.
Impact
Base Score 2.0
6.00
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:ms_topsites:ms_topsites:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page