CVE-2008-5941 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Modxcms	Modxcms

Configuration 1 [-]

OR	cpe:2.3:a:modxcms:modxcms::::::::
	cpe:2.3:a:modxcms:modxcms:0.9.0:::::::*
	cpe:2.3:a:modxcms:modxcms:0.9.1:::::::*
	cpe:2.3:a:modxcms:modxcms:0.9.2.1:::::::*
	cpe:2.3:a:modxcms:modxcms:0.9.5:::::::*
	cpe:2.3:a:modxcms:modxcms:0.9.6:::::::*

References

Link	Resource
http://jvn.jp/en/jp/JVN66828183/index.html
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000004.html
http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:13:54

Updated: 2022-10-03T16:13:54

Reserved: 2022-10-03T00:00:00

Link: CVE-2008-5941

JSON object: View

NVD Information

Status : Analyzed

Published: 2009-01-22T11:30:05.377

Modified: 2009-01-22T11:30:05.377

Link: CVE-2008-5941

JSON object: View

Redhat Information

No data.

CWE

CWE-352

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:13:54", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "JVN#66828183", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN66828183/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt"}, {"name": "JVNDB-2009-000004", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000004.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5941", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JVN#66828183", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN66828183/index.html"}, {"name": "http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt", "refsource": "CONFIRM", "url": "http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt"}, {"name": "JVNDB-2009-000004", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000004.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5941", "datePublished": "2022-10-03T16:13:54", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:13:54", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:modxcms:modxcms:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3D814A6-66CA-4276-BB95-A26CEEE111C3", "versionEndIncluding": "0.9.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:modxcms:modxcms:0.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "5FAEAB43-9356-4B48-B252-8F26874302F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:modxcms:modxcms:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E02443C7-BCFC-44B8-B7F0-490B01DD4220", "vulnerable": true}, {"criteria": "cpe:2.3:a:modxcms:modxcms:0.9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7AC57D5A-222E-49AE-B75B-A02AC6CA0A2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:modxcms:modxcms:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "5A0BF512-B7EA-419D-966E-94F847DF52CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:modxcms:modxcms:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "88C92A22-4E59-4D31-B476-AC80DAFC3BC5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en MODx 0.9.6.1p2 y anteriores permite a atacantes remotos realizar acciones no autorizadas como otros usuarios mediante vectores desconocidos."}], "id": "CVE-2008-5941", "lastModified": "2009-01-22T11:30:05.377", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-01-22T11:30:05.377", "references": [{"source": "cve@mitre.org", "url": "http://jvn.jp/en/jp/JVN66828183/index.html"}, {"source": "cve@mitre.org", "url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000004.html"}, {"source": "cve@mitre.org", "url": "http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}