CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2010-3464

Cross-site request forgery (CSRF) vulnerability in admin/manager_users.class.php in SantaFox 2.02, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests, as demonstrated by adding administrative users via the save_admin action to admin/index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 36.3%

CVSS Severity

CVSS v2 Score 6.8

References

http://packetstormsecurity.org/1009-exploits/santafox-xssxsrf.txt
http://secunia.com/advisories/41465
http://www.htbridge.ch/advisory/xsrf_csrf_in_santafox.html
http://www.securityfocus.com/archive/1/513738/100/0/threaded
http://packetstormsecurity.org/1009-exploits/santafox-xssxsrf.txt
http://secunia.com/advisories/41465
http://www.htbridge.ch/advisory/xsrf_csrf_in_santafox.html
http://www.securityfocus.com/archive/1/513738/100/0/threaded

Products affected by CVE-2010-3464

Santafox » Santafox » Version: 2.02

cpe:2.3:a:santafox:santafox:2.02

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2010-3464

Products

Pricing

Contact Us