Vulnerability Details CVE-2013-7209
Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.3%
CVSS Severity
CVSS v2 Score 6.8
References
- http://osvdb.org/101438
- http://packetstormsecurity.com/files/124598/JForum-Cross-Site-Request-Forgery.html
- http://seclists.org/fulldisclosure/2013/Dec/206
- http://osvdb.org/101438
- http://packetstormsecurity.com/files/124598/JForum-Cross-Site-Request-Forgery.html
- http://seclists.org/fulldisclosure/2013/Dec/206