Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bugtracker.Net | Bugtracker.Net | <= 2.7.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28481Vendor Advisory
- http://sourceforge.net/project/shownotes.php?group_id=66812&release_id=568160Patch
- http://sourceforge.net/tracker/index.php?func=detail&aid=1867089&group_id=66812&
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39651
- http://secunia.com/advisories/28481Vendor Advisory
- http://sourceforge.net/project/shownotes.php?group_id=66812&release_id=568160Patch
- http://sourceforge.net/tracker/index.php?func=detail&aid=1867089&group_id=66812&
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39651
FAQ
What is CVE-2008-0336?
CVE-2008-0336 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors...
How severe is CVE-2008-0336?
CVE-2008-0336 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0336?
Check the references section above for vendor advisories and patch information. Affected products include: Bugtracker.Net Bugtracker.Net.