NVD

Id
6924  
Name
CVE-2008-7193  
Description
PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks by reading the PHPKITSID parameter from the HTTP Referer and using it in a request to (1) modify the user profile via upload_files/include.php or (2) create a new administrator via upload_files/pk/include.php.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2009-09-09  
Modified Date
2009-09-10  
Seq
2008-7193  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
39187 6924 CVE-2008-7193 20080129 PHPKIT 1.6.4 PL1 2 XSRF Vulnerabilities  View
39188 6924 CVE-2008-7193 phpkit-include-csrf(40033)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
44712 JVNDB-2009-005719 PHPKIT におけるクロスサイトリクエストフォージェリ攻撃を実行される脆弱性 PHPKIT は、URL にセッション ID を含んでいるため、クロスサイトリクエストフォージェリ攻撃を実行される脆弱性が存在します。 CVE-2008-7193 37306 CVE-2008-7193 6924 6.8 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-005719.html 2009-09-09 2012-12-20 View