CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-0711

Cross-site request forgery (CSRF) vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to hijack the authentication of an administrator for requests that (1) delete users via the delete action in the ma2 parameter or (2) create administrators via the update action in the ma2 parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 51.5%

CVSS Severity

CVSS v2 Score 6.8

References

http://osvdb.org/62357
http://packetstormsecurity.org/1002-exploits/aspcodecms-xssxsrf.txt
http://secunia.com/advisories/38596
http://osvdb.org/62357
http://packetstormsecurity.org/1002-exploits/aspcodecms-xssxsrf.txt
http://secunia.com/advisories/38596

Products affected by CVE-2010-0711

Aspcodecms » Aspcode Cms » Version: 1.5.8

cpe:2.3:a:aspcodecms:aspcode_cms:1.5.8
Aspcodecms » Aspcode Cms » Version: 2.0.0

cpe:2.3:a:aspcodecms:aspcode_cms:2.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-0711

Products

Pricing

Contact Us