Vulnerability Details : CVE-2010-1732
Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action).
Vulnerability category: Cross-site request forgery (CSRF)
Exploit prediction scoring system (EPSS) score for CVE-2010-1732
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 35 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-1732
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2010-1732
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1732
- http://community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement
-
http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html
Multiple vulnerabilities in Zikula Application Framework - HTB22348 Security Advisory | ImmuniWeb
Products affected by CVE-2010-1732
- cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*