Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
References
Link | Resource |
---|---|
http://osvdb.org/94778 | |
http://seclists.org/bugtraq/2013/Jul/27 | Exploit |
https://www.htbridge.com/advisory/HTB23155 | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:14:53
Updated: 2022-10-03T16:14:53
Reserved: 2022-10-03T00:00:00
Link: CVE-2013-7376
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-05-14T19:55:10.543
Modified: 2014-05-15T15:00:37.710
Link: CVE-2013-7376
JSON object: View
Redhat Information
No data.
CWE