Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators for requests that (1) add an admin account via a request to filepath/yonetim/plugin/adminsave.php or have unspecified impact via a request to (2) ayarsave.php, (3) uyesave.php, (4) slaytadd.php, or (5) slaytsave.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpscriptlerim | Php Scriptlerim Who's Who | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/129102/Whos-Who-Script-Cross-Site-Request-F (Exploit)
- http://www.exploit-db.com/exploits/35129 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98631
FAQ
What is CVE-2014-8953?
CVE-2014-8953 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site request forgery (CSRF) vulnerabilities in Php Scriptlerim Who's Who script allow remote attackers to hijack the authentication of administrators for requests that (1) add an admin a...
How severe is CVE-2014-8953?
CVE-2014-8953 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-8953?
Check the references section above for vendor advisories and patch information. Affected products include: Phpscriptlerim Php Scriptlerim Who's Who.