CVE-2010-2039 : Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijac

Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, 1.6.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative users via an Admin_Users action to index.php. NOTE: some of these details are obtained from third party information.

Published 2010-05-25 14:30:02

Updated 2017-08-17 01:32:35

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Exploit prediction scoring system (EPSS) score for CVE-2010-2039

Probability of exploitation activity in the next 30 days: 1.50%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-2039

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2010-2039

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-2039

https://exchange.xforce.ibmcloud.com/vulnerabilities/58214

gpEasy CMS admin interface cross-site request forgery CVE-2010-2039 Vulnerability Report
http://www.vupen.com/english/advisories/2010/1030

Webmail | OVH- OVH
Vendor Advisory
http://packetstormsecurity.org/1004-exploits/gpeasy-xsrf.txt

Files ≈ Packet Storm
Exploit
http://www.exploit-db.com/exploits/12441

gpEasy 1.6.1 - Cross-Site Request Forgery (Add Admin) - PHP webapps Exploit
Exploit

Products affected by CVE-2010-2039

Gpeasy » Gpeasy Cms
Versions up to, including, (<=) 1.6.2
cpe:2.3:a:gpeasy:gpeasy_cms:*:*:*:*:*:*:*:*
Matching versions
Gpeasy » Gpeasy Cms » Version: 1.5
cpe:2.3:a:gpeasy:gpeasy_cms:1.5:*:*:*:*:*:*:*
Matching versions
Gpeasy » Gpeasy Cms » Version: 1.6 Update RC3
cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc3:*:*:*:*:*:*
Matching versions
Gpeasy » Gpeasy Cms » Version: 1.6
cpe:2.3:a:gpeasy:gpeasy_cms:1.6:*:*:*:*:*:*:*
Matching versions
Gpeasy » Gpeasy Cms » Version: 1.6.3
cpe:2.3:a:gpeasy:gpeasy_cms:1.6.3:*:*:*:*:*:*:*
Matching versions
Gpeasy » Gpeasy Cms » Version: 1.6 Update RC4
cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc4:*:*:*:*:*:*
Matching versions
Gpeasy » Gpeasy Cms » Version: 1.5 Update RC2
cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc2:*:*:*:*:*:*
Matching versions
Gpeasy » Gpeasy Cms » Version: 1.6.1
cpe:2.3:a:gpeasy:gpeasy_cms:1.6.1:*:*:*:*:*:*:*
Matching versions
Gpeasy » Gpeasy Cms » Version: 1.6 Update RC2
cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc2:*:*:*:*:*:*
Matching versions
Gpeasy » Gpeasy Cms » Version: 1.6 Update RC5
cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc5:*:*:*:*:*:*
Matching versions
Gpeasy » Gpeasy Cms » Version: 1.5 Update RC4
cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc4:*:*:*:*:*:*
Matching versions
Gpeasy » Gpeasy Cms » Version: 1.5 Update RC3
cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc3:*:*:*:*:*:*
Matching versions
Gpeasy » Gpeasy Cms » Version: 1.6 Update RC1
cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc1:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-2039

Exploit prediction scoring system (EPSS) score for CVE-2010-2039

CVSS scores for CVE-2010-2039

CWE ids for CVE-2010-2039

References for CVE-2010-2039

Products affected by CVE-2010-2039