Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zoneminder | Zoneminder | <= 1.30.0 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2017/02/05/1ExploitMailing List
- http://www.securityfocus.com/bid/97114
- https://www.foxmole.com/advisories/foxmole-2016-07-05.txtExploitThird Party Advisory
- http://www.openwall.com/lists/oss-security/2017/02/05/1ExploitMailing List
- http://www.securityfocus.com/bid/97114
- https://www.foxmole.com/advisories/foxmole-2016-07-05.txtExploitThird Party Advisory
FAQ
What is CVE-2016-10206?
CVE-2016-10206 is a vulnerability with a CVSS score of 8.8 (HIGH). Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspec...
How severe is CVE-2016-10206?
CVE-2016-10206 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10206?
Check the references section above for vendor advisories and patch information. Affected products include: Zoneminder Zoneminder.