CVE-2013-2713
Severity CVSS v4.0:
Pending analysis
Type:
CWE-352
Cross-Site Request Forgery (CSRF)
Publication date:
23/05/2014
Last modified:
12/04/2025
Description
Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:krisonav:krisonav:*:*:*:*:*:*:*:* | 3.0.1 (including) | |
| cpe:2.3:a:krisonav:krisonav:0.9.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:0.9.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:0.9.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:0.9.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:0.9.7:*:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:1.0.0:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:1.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:1.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:1.1.35:*:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:2.0.1:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:2.1.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:2.1.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:2.1.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:krisonav:krisonav:3.0.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2013-04/0184.html
- http://www.exploit-db.com/exploits/24965
- http://www.krisonav.com/index.php?module=articles_show&articles_id=release-notes
- http://www.securityfocus.com/bid/59273
- https://www.htbridge.com/advisory/HTB23150
- http://archives.neohapsis.com/archives/bugtraq/2013-04/0184.html
- http://www.exploit-db.com/exploits/24965
- http://www.krisonav.com/index.php?module=articles_show&articles_id=release-notes
- http://www.securityfocus.com/bid/59273
- https://www.htbridge.com/advisory/HTB23150