Computer Security
[EN] securityvulns.ru no-pyccku


CVECVE-2015-5075
StatusCandidate
DescriptionCross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.
Severity
Medium
CVSS score6,8
CVSS vector(AV:N/AC:M/Au:N/C:P/I:P/A:P)
PhaseAssigned (26.06.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5075
ReferencesFULLDISC : 20150925 CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine
 MISC : https://www.portcullis-security.com/security-resea...
SecurityVulns:Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod