Home > Vulnerability Database > CVE-2008-0165

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-0165

Date: April 20, 2008

Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.

Severity Score

3.7

Related Resources (9)

Url: http://secunia.com/advisories/29907

Url: http://ikiwiki.info/security/#index31h2

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-0165

Url: http://www.debian.org/security/2008/dsa-1553

Url: http://www.vupen.com/english/advisories/2008/1297/references

Url: http://secunia.com/advisories/29932

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/41904

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445

Url: https://www.mend.io/vulnerability-database/CVE-2008-0165

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us