CVE-2010-2282
Published 2010-06-15
Priority: P4 | 26 | medium | 5.1 (CVSS 2.0)
CVSS vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.79% (51.7th percentile)
Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tomatocms | tomatocms | — | — |
No detection rules found.
Exploit-DB
TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities
exploitdb·2010-07-11
CVE-2010-2282 TomatoCMS 2.0.5 - Multiple Cross-Site Request Forgery Vulnerabilities
---
Date: Sun 11 Jul 2010 03:36:08 PM EEST
Vendor: http://www.tomatocms.com/
Download: None
--->
-=[ CSRF PoC 1 - Change Administrator Password ]=-
TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities - Change Admin Password
-=[ CSRF PoC 2 - Create Admin User ]=-
TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities - Create Admin User
-=[ CSRF PoC 3 - Deactivate User ]=-
TomatoCMS 2.0.5 Multiple CSRF Vulnerabilities - Deactivate User
-=[ CSRF PoC 4 - Logout The Administrator ]=-
Exploit-DB
D-Link DKVM-IP8 - Cross-Site Scripting
exploitdb·2010-01-06
CVE-2010-0936 D-Link DKVM-IP8 - Cross-Site Scripting
---
# Exploit Title: D-LINK DKVM-IP8 XSS Vulnerability
# Date: 01-06-2010
# Author: POPCORN
# Software Link: http://www.dlink.ru/
# Version: 2282_dlinkA4_p8_20071213
# Tested on: Windows Sp 2
# Site : http://Hacking.ge
# Code :
POST http://site.com80/auth.asp HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: 212.58.116.80
Content-Length: 90
Connection: Close
Pragma: no-cache
Attack details
The POST variable nickname has been set to 1>">">
No writeups or analysis indexed.
2010-06-15
Published