
We found results for “”
CVE-2015-2680
Good to know:

Date: March 23, 2015
Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS before 0.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request in the users page to gxadmin/index.php.
Language: PHP
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Cross-Site Request Forgery (CSRF)
CWE-352Top Fix

CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |
Additional information: |