CVE-2013-2713 : Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers

Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.

Published 2014-05-23 14:55:10

Updated 2014-05-29 23:44:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Exploit prediction scoring system (EPSS) score for CVE-2013-2713

Probability of exploitation activity in the next 30 days: 0.97%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-2713

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-2713

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-2713

https://www.htbridge.com/advisory/HTB23150

Multiple Vulnerabilities in KrisonAV CMS - HTB23150 Security Advisory | ImmuniWeb

CVEs referencing this url
http://archives.neohapsis.com/archives/bugtraq/2013-04/0184.html

CVEs referencing this url
http://www.exploit-db.com/exploits/24965

KrisonAV CMS 3.0.1 - Multiple Vulnerabilities - PHP webapps Exploit
Exploit

CVEs referencing this url
http://www.securityfocus.com/bid/59273

KrisonAV CMS Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

CVEs referencing this url
http://www.krisonav.com/index.php?module=articles_show&articles_id=release-notes

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2013-2713

Krisonav » Krisonav
Versions up to, including, (<=) 3.0.1
cpe:2.3:a:krisonav:krisonav:*:*:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 0.9.7
cpe:2.3:a:krisonav:krisonav:0.9.7:*:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 0.9.6
cpe:2.3:a:krisonav:krisonav:0.9.6:*:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 0.9.5
cpe:2.3:a:krisonav:krisonav:0.9.5:*:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 0.9.4
cpe:2.3:a:krisonav:krisonav:0.9.4:*:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 2.1.6
cpe:2.3:a:krisonav:krisonav:2.1.6:*:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 2.1.5
cpe:2.3:a:krisonav:krisonav:2.1.5:*:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 2.1.3
cpe:2.3:a:krisonav:krisonav:2.1.3:*:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 2.0.1 Update Beta
cpe:2.3:a:krisonav:krisonav:2.0.1:beta:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 3.0.0
cpe:2.3:a:krisonav:krisonav:3.0.0:*:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 1.1.35
cpe:2.3:a:krisonav:krisonav:1.1.35:*:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 1.0.1
cpe:2.3:a:krisonav:krisonav:1.0.1:*:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 1.0.2
cpe:2.3:a:krisonav:krisonav:1.0.2:*:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 1.0.0 Update Beta
cpe:2.3:a:krisonav:krisonav:1.0.0:beta:*:*:*:*:*:*
Matching versions
Krisonav » Krisonav » Version: 0.9.3
cpe:2.3:a:krisonav:krisonav:0.9.3:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-2713

Exploit prediction scoring system (EPSS) score for CVE-2013-2713

CVSS scores for CVE-2013-2713

CWE ids for CVE-2013-2713

References for CVE-2013-2713

Products affected by CVE-2013-2713