Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mambo-Foundation | Mambo | <= 4.6.3 |
| Brilaps | Mostlyce | <= 2.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html
- http://forum.mambo-foundation.org/showthread.php?t=10158
- http://osvdb.org/42531Exploit
- http://secunia.com/advisories/28670Vendor Advisory
- http://www.bugreport.ir/index_33.htmExploit
- http://www.securityfocus.com/archive/1/487128/100/200/threaded
- http://www.vupen.com/english/advisories/2008/0325Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39985
- http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html
- http://forum.mambo-foundation.org/showthread.php?t=10158
- http://osvdb.org/42531Exploit
- http://secunia.com/advisories/28670Vendor Advisory
- http://www.bugreport.ir/index_33.htmExploit
- http://www.securityfocus.com/archive/1/487128/100/200/threaded
- http://www.vupen.com/english/advisories/2008/0325Vendor Advisory
FAQ
What is CVE-2008-7214?
CVE-2008-7214 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administ...
How severe is CVE-2008-7214?
CVE-2008-7214 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-7214?
Check the references section above for vendor advisories and patch information. Affected products include: Mambo-Foundation Mambo, Brilaps Mostlyce.