NVD

Id
13498  
Name
CVE-2010-2007  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS (formerly MyDMS) 1.7.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that use (1) op/op.EditUserData.php, (2) op/op.UsrMgr.php, (3) out/out.RemoveVersion.php, (4) op/op.RemoveFolder.php, (5) op/op.DefaultKeywords.php, (6) op/op.GroupMgr.php, (7) op/op.FolderAccess.php, (8) op/op.FolderNotify.php, or (9) op.MoveFolder.php in mydms.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2010-05-20  
Modified Date
2010-05-21  
Seq
2010-2007  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
74550 13498 CVE-2010-2007 20100115 SEC Consult SA-20100115-0 :: Local file inclusion/execution and multiple CSRF vulnerabilities in LetoDMS (formerly MyDMS)  View
74551 13498 CVE-2010-2007 letodms-multiple-csrf(55710)  View
74552 13498 CVE-2010-2007 https://www.sec-consult.com/files/20100115-0_mydms_file_inclusion.txt  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
39026 JVNDB-2010-004811 LetoDMS (前 MyDMS) におけるクロスサイトリクエストフォージェリの脆弱性 LetoDMS (前 MyDMS) には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2010-2007 44587 CVE-2010-2007 13498 6.8 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-004811.html 2010-05-20 2012-09-25 View