CVE-2010-1732

{"id": "CVE-2010-1732", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-05-06T12:47:23.783", "references": [{"url": "http://community.zikula.org/index.php?module=News&func=display&sid=3012&title=zikula-1.2.3-release-announcement", "source": "cve@mitre.org"}, {"url": "http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in the users module in Zikula Application Framework before 1.2.3 allows remote attackers to hijack the authentication of administrators for requests that change the administrator email address (updateemail action)."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en el m\u00f3dulo users -usuarios- de Zikula Application Framework anterior a v1.2.3, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores en solicitudes que cambian la direcci\u00f3n de correo del administrador (acci\u00f3n updateemail)."}], "lastModified": "2010-05-11T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zikula:zikula_application_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2539E06-1449-41D7-BE2F-8175BEE1C6DD", "versionEndIncluding": "1.2.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}