6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities
Exploit Title: 6kbbs Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities
Vendor: 6kbbs
Product: 6kbbs
Vulnerable Versions: v7.1, v8.0
Tested Version: v7.1, v8.0
Advisory Publication: April 02, 2015
Latest Update: April 02, 2015
Vulnerability Type: Cross-Site Request Forgery (CSRF) [CWE-352]
CVE Reference: *
CVSS Severity (version 2.0):
CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Impact Subscore: 6.4
Exploitability Subscore: 8.6
Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]
Suggestion Details:
(1) Vendor & Product Description:
Vendor:
6kbbs
Product & Vulnerable Versions:
6kbbs
v7.1
v8.0
Vendor URL & download:
6kbbs can be obtained from here:
http://www.6kbbs.com/download.html
http://en.sourceforge.jp/projects/sfnet_buzhang/downloads/6kbbs.zip/
Product Introduction Overview:
“6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the code simple, easy to use, powerful, fast and so on. It is an excellent community forum program. The program is simple but not simple; fast, small…