Security / vulnerability advisories for Kan-Studio Kandidat CMS 1.4.2

CPE for product: cpe:2.3:a:kan-studio:kandidat_cms:1.4.2:*:*:*:*:*:*:*

Medium damage 6.8
Easy to exploit
Published: Sat Jan 3 11:59:00 2015 UTC. Last Modified: Mon Jan 5 18:28:00 2015 UTC
CPE matches: cpe:2.3:a:kan-studio:kandidat_cms:1.4.2:*:*:*:*:*:*:*

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to admin/settings.php, (2) modify pages via the what parameter to admin/edit.php, or (3) modify articles via the edit parameter to admin/news.php.

Damage and attack conditions obtained from AV:N/AC:M/Au:N/C:P/I:P/A:P (CVSSv2)
