CVE-2018-1000506

{"id": "CVE-2018-1000506", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-06-26T16:29:00.680", "references": [{"url": "https://advisories.dxw.com/advisories/csrf-metronet-tag-manager/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery (CSRF) vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must follow a link. This vulnerability appears to have been fixed in 1.2.9."}, {"lang": "es", "value": "Metronet Tag Manager 1.2.7 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la p\u00e1gina Settings en /wp-admin/options-general.php?page=metronet-tag-manager que puede resultar en que cualquiera pueda hacer casi las mismas acciones que un administrador. El ataque parece ser explotable mediante un usuario con la sesi\u00f3n iniciada que abra un enlace. La vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.2.9."}], "lastModified": "2018-08-30T17:32:53.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mediaron:metronet_tag_manager:1.2.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "85208FC5-8A5E-43AA-8315-FE091E3B8663"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}