CVE-2008-3925
Published 2008-09-04
Priority: P4 / 16 | Severity: medium | CVSS 2.0: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 1.11% (61.8th percentile)
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hans_oesterholt | cmme | — | — |
No detection rules found.
Exploit-DB
SmarterMail 7.1.3876 - Directory Traversal
exploitdb·2010-09-19
CVE-2010-3486 SmarterMail 7.1.3876 - Directory Traversal
---
# Note: Fixed by the vendor in version 7.2.3925
# http://www.smartertools.com/smartermail/releasenotes/v7.aspx
########################################################################
# Vendor: smartertools.com SmarterMail 7.x (7.1.3876)
# Date: 2010-09-12
# Author : sqlhacker – http://cloudscan.me
# Thanks to : Burp Suite Pro - engagement tool
# : FuzzDB
# Contact : [email protected]
# Home : http://cloudscan.me
# Dork : insite: SmarterMail Enterprise 7.1
# Bug : Directory Traversal, OS Command Injection, Other Critical Vulns
# Tested on : SmarterMail 7.x (7.1.3876) // Windows 2008 /64/R2
# Vendor Contact - August 14, 2
Exploit-DB
CMME 1.12 - Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup/Make Directory
exploitdb·2008-08-26
CVE-2008-3926 CMME 1.12 - Local File Inclusion / Cross-Site Scripting / Cross-Site Request Forgery/Download Backup/Make Directory
---
##################################################################################################################
[+] CMME 1.12 (LFI/XSS/CSRF/Download Backup/MkDir) Multiple Remote Vulnerabilities
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz
##################################################################################################################
[+] Local File Inclusion
Note : magic_quotes_gpc must be off.
Example :
http://localhost/index.php?page=weblog&env=[Local File]%00
PoC :
http://localhost/index.php?page=weblog&env=../../../autoexec.bat%00
[+] Download Backup
Examp
No writeups or analysis indexed.
Published: 2008-09-04