NVD

Id
30976  
Name
CVE-2014-2579  
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.  
Reject
 
CVSS Version
2  
CVSS Score
7.6  
Severity
High  
CVSS Base Score
7.6  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2014-04-25  
Modified Date
2015-10-08  
Seq
2014-2579  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
162872 30976 CVE-2014-2579 32790  View
162873 30976 CVE-2014-2579 20140409 Сross-Site Request Forgery (CSRF) in XCloner Standalone  View
162874 30976 CVE-2014-2579 66751  View
162875 30976 CVE-2014-2579 https://www.htbridge.com/advisory/HTB23207  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
13409 JVNDB-2014-002284 XCloner Standalone におけるクロスサイトリクエストフォージェリの脆弱性 XCloner Standalone には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2014-2579 69866 CVE-2014-2579 30976 7.6 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002284.html 2014-04-09 2014-04-30 View