CVE-2010-0709

EPSS 1.2%

Multiple cross-site request forgery (CSRF) vulnerabilities in Limny 2.0 allow remote attackers to (1) hijack the authentication of users or administrators for requests that change the email address or password via the user action to index.php, and (2) hijack the authentication of the administrator for requests that create a new user via the admin/modules/user/new action to limny/index.php.

Affected products

n/a · n/a

public PoCs found — 4

cve_referencewww.exploit-db.com/exploits/11477unverified cve_referencewww.exploit-db.com/exploits/11478unverified exploitdbwww.exploit-db.com/exploits/11477unverified exploitdbwww.exploit-db.com/exploits/11478unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/62389 http://secunia.com/advisories/38616 https://exchange.xforce.ibmcloud.com/vulnerabilities/56318 http://www.exploit-db.com/exploits/11477 http://www.exploit-db.com/exploits/11478 http://www.limny.org/