CVE-2010-4750
Published 2011-03-01
CVE-2010-4750: Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the…
Priority: P429, medium
CVSS 2.0: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 1.02% (59.1th percentile)
Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN.php in BLOG:CMS 4.2.1.e, and possibly earlier, allows remote attackers to hijack the authentication of administrators.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blogcms | blog | — | — |
CVSS provenance
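| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | | 3.3 | LOW | |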
GHSA
GHSA-4m2p-3mq4-6fxc: Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN
ghsa_unreviewed·2022-05-17
CVE-2010-4750 [MEDIUM] CWE-352 GHSA-4m2p-3mq4-6fxc: Cross-site request forgery (CSRF) vulnerability in admin/libs/ADMIN
Red Hat
fuse: Race condition by umount (fusermount) operations
vendor_redhat·2010-01-26·CVSS 3.3
CVE-2010-0789 [LOW] fuse: Race condition by umount (fusermount) operations
fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.
Statement: This issue affects Red Hat Enterprise Linux 5 because it ships fusermount suid root; however, the impact of this flaw is minimized due to the fact that only members in group fuse may use it: the executable is owned root:fuse and mode 4750.
Red Hat Enterprise Linux 3 and 4 do not provide the fuse package.
Red Hat Product Security has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
https://access.redhat.com/security/updates/classification/
Package: fuse (Red Hat Ente
No detection rules found.
No writeups or analysis indexed.
http://blogcms.com/
http://packetstormsecurity.org/files/view/96731/blogcms-xsrfxss.txt
http://securityreason.com/securityalert/8112
http://www.exploit-db.com/exploits/15743
http://www.htbridge.ch/advisory/xsrf_csrf_in_blogcms.html