← back
CVE-2008-4448

CVE-2008-4448

EPSS 0.7%
Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.org/0810-exploits/webshell431-xssxsrf.txthttp://secunia.com/advisories/32086https://exchange.xforce.ibmcloud.com/vulnerabilities/45614