Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Runcms | Runcms | 1.6.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/488287/100/200/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40628
- http://www.securityfocus.com/archive/1/488287/100/200/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40628
FAQ
What is CVE-2008-7221?
CVE-2008-7221 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user p...
How severe is CVE-2008-7221?
CVE-2008-7221 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-7221?
Check the references section above for vendor advisories and patch information. Affected products include: Runcms Runcms.