CVE-2004-2364

Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/11554
http://securitytracker.com/id?1010061
http://www.osvdb.org/5907
http://www.osvdb.org/5908
http://www.osvdb.org/5909
http://www.osvdb.org/5910
http://www.osvdb.org/5911
http://www.phpx.org/project.php?action=view&project_id=1	Patch URL Repurposed
http://www.securityfocus.com/archive/1/362230	Exploit Vendor Advisory
http://www.securityfocus.com/bid/10284	Exploit Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:phpx:phpx:3.0.0:::::::*
	cpe:2.3:a:phpx:phpx:3.0.1:::::::*
	cpe:2.3:a:phpx:phpx:3.0.2:::::::*
	cpe:2.3:a:phpx:phpx:3.0.3:::::::*
	cpe:2.3:a:phpx:phpx:3.0.4:::::::*
	cpe:2.3:a:phpx:phpx:3.0.5:::::::*
	cpe:2.3:a:phpx:phpx:3.0.6:::::::*
	cpe:2.3:a:phpx:phpx:3.0.7:::::::*
	cpe:2.3:a:phpx:phpx:3.1.0:::::::*
	cpe:2.3:a:phpx:phpx:3.1.1:::::::*
	cpe:2.3:a:phpx:phpx:3.1.2:::::::*
	cpe:2.3:a:phpx:phpx:3.1.3:::::::*
	cpe:2.3:a:phpx:phpx:3.1.4:::::::*
	cpe:2.3:a:phpx:phpx:3.2.0:::::::*
	cpe:2.3:a:phpx:phpx:3.2.1:::::::*
	cpe:2.3:a:phpx:phpx:3.2.2:::::::*
	cpe:2.3:a:phpx:phpx:3.2.3:::::::*
	cpe:2.3:a:phpx:phpx:3.2.4:::::::*
	cpe:2.3:a:phpx:phpx:3.2.5:::::::*
	cpe:2.3:a:phpx:phpx:3.2.6:::::::*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~() http://www.phpx.org/project.php?action=view&project_id=1 - Patch~~	() http://www.phpx.org/project.php?action=view&project_id=1 - Patch, URL Repurposed

Information

Published : 2004-12-31 05:00

Updated : 2024-02-14 01:17

NVD link : CVE-2004-2364

Mitre link : CVE-2004-2364

CVE.ORG link : CVE-2004-2364

JSON object : View

Products Affected

phpx

phpx

CWE

NVD-CWE-Other

{"id": "CVE-2004-2364", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"url": "http://secunia.com/advisories/11554", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1010061", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/5907", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/5908", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/5909", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/5910", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/5911", "source": "cve@mitre.org"}, {"url": "http://www.phpx.org/project.php?action=view&project_id=1", "tags": ["Patch", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/362230", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/10284", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpx:phpx:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6CEA20A-E641-4997-B35A-06EC14C83B33"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E73B574A-3307-4734-884B-A7893CEE56B4"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01584023-8155-4FA8-8F37-4CCA48FCC8DE"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AD47CA4-A5E9-4EAB-9D9D-32892D384B51"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D48E8454-0808-46B7-A692-F91BF20C3733"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D8466FC-E652-4B52-A3AB-601CFBDBE0D9"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9F3A1D6-657D-46A7-9FD7-6EB43FE4D3EE"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C793EC7-0B35-4C43-90B3-D39EA917E40E"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34ACF990-0A89-43B1-ACA6-54CEFB1A45EB"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF48C341-2255-4A3B-8DC6-82797BBD40CF"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6157764-E76A-452E-8991-366224E9D6E8"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "751ABFD4-5DCA-4D93-87B0-14D4C8A66B80"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCA0E2F6-8CDC-4D70-AE79-0E4FF3D64F77"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F9A8C2F-611E-4E2B-9B3B-E6606BCC3519"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97DBE63F-32EC-43A0-8454-62DA124919F4"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6BE8112-E8CF-4D38-B3AD-843446B26392"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A692A925-E22A-4A35-96F8-8F9E123B44E0"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CC47FB8-8F61-4389-8F7F-F8397863884B"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E28B044-1D5C-45E4-8901-057117CD0590"}, {"criteria": "cpe:2.3:a:phpx:phpx:3.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1CE385A-D04D-4E20-9C64-9B2E4307988E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}