1024 CMS unspecified cross-site request forgery

1024cms-unspecified-csrf (37267). The risk level is classified as Medium Risk.

Description:

1024 CMS is vulnerable to an unspecified cross-site request forgery, caused by a vulnerability when handling HTTP requests. By persuading an authenticated victim to view a specially-crafted Web site, a remote attacker could exploit this vulnerability to change arbitrary passwords and possibly perform other attacks against the affected system, including cross-site scripting, Web cache poisoning, and PHP code execution.

Platforms Affected:

  • 1024 CMS, 1024 Content Management System 1.2.5

Remedy:

No remedy available as of June 27, 2009.

Consequences:

Bypass Security

References:

  • 1024 CMS Web site, 1024 CMS at http://1024cms.com/index.php.
  • CVE-2007-5575: Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 allows remote attackers to perform some actions as administrators, as demonstrated by (1) an unspecified action that creates a file containing PHP code and (2) unspecified use of the forum component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
  • SA27259: 1024 CMS Cross-Site Request Forgery Vulnerability

Reported:

Oct 17, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
