CVE-2010-2345 : Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows remote attackers to hijack t

Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests that change the administrative password, and other unspecified requests.

Published 2010-06-21 15:30:03

Updated 2017-08-17 01:32:42

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross-site request forgery (CSRF)

Exploit prediction scoring system (EPSS) score for CVE-2010-2345

Probability of exploitation activity in the next 30 days: 0.16%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 52 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-2345

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2010-2345

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-2345

http://holisticinfosec.org/content/view/146/45/

404 Not Found

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/59248

odCMS password cross-site request forgery CVE-2010-2345 Vulnerability Report

Products affected by CVE-2010-2345

Odcms » Odcms » Version: 1.06
cpe:2.3:a:odcms:odcms:1.06:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-2345

Exploit prediction scoring system (EPSS) score for CVE-2010-2345

CVSS scores for CVE-2010-2345

CWE ids for CVE-2010-2345

References for CVE-2010-2345

Products affected by CVE-2010-2345