CVE-2007-5060

Published: 24/09/2007 Updated: 15/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote malicious users to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values.

Vulnerable Product

xcms xcms

Exploits

source: www.securityfocus.com/bid/25771/info

Xcms is prone to a vulnerability that lets attackers execute arbitrary PHP code because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may help the attacker c ...