CVE-2014-4718

Published: 03/07/2014 Updated: 07/07/2014
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS prior to 3.3-3 allow remote malicious users to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.

Vulnerable Product

lunarcms lunar cms 3.3

lunarcms lunar cms 3.2

lunarcms lunar cms 3.1

lunarcms lunar cms

Exploits

<!-- Lunar CMS 3.3 CSRF And Stored XSS Vulnerability
Vendor: Lunar CMS
Product web page: www.lunarcms.com
Affected version: 3.3
Summary: Lunar CMS is a freely distributable open source content management system written for use on servers running the ever so popular PHP5 & MySQL
Desc: Lunar CMS suffers from a cross-site request fo ...