CVE-2008-3262

EUVD-2008-3250
Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
clarolineclaroline
𝑥
≤ 1.8.9
clarolineclaroline
1.2
clarolineclaroline
1.3
clarolineclaroline
1.4
clarolineclaroline
1.5
clarolineclaroline
1.5.3
clarolineclaroline
1.5.4
clarolineclaroline
1.6
clarolineclaroline
1.6_beta:_beta
clarolineclaroline
1.6_rc1:_rc1
clarolineclaroline
1.7
clarolineclaroline
1.7.1
clarolineclaroline
1.7.2
clarolineclaroline
1.7.3
clarolineclaroline
1.7.4
clarolineclaroline
1.7.5
clarolineclaroline
1.7.6
clarolineclaroline
1.7.7
clarolineclaroline
1.8.0
clarolineclaroline
1.8.1
clarolineclaroline
1.8.2
clarolineclaroline
1.8.3
clarolineclaroline
1.8.4
clarolineclaroline
1.8.5
clarolineclaroline
1.8.6
clarolineclaroline
1.8.7
clarolineclaroline
1.8.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/31116
http://securityreason.com/securityalert/4020
http://sourceforge.net/project/shownotes.php?release_id=613634
http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10
http://www.securityfocus.com/archive/1/494539/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/43854
https://exchange.xforce.ibmcloud.com/vulnerabilities/43974
http://secunia.com/advisories/31116
http://securityreason.com/securityalert/4020
http://sourceforge.net/project/shownotes.php?release_id=613634
http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10
http://www.securityfocus.com/archive/1/494539/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/43854
https://exchange.xforce.ibmcloud.com/vulnerabilities/43974