CVE-2008-3262

Cross-site request forgery (CSRF) vulnerability in Claroline before 1.8.10 allows remote attackers to change passwords, related to lack of a requirement for the previous password.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
clarolineclaroline
𝑥
≤ 1.8.9
clarolineclaroline
1.2
clarolineclaroline
1.3
clarolineclaroline
1.4
clarolineclaroline
1.5
clarolineclaroline
1.5.3
clarolineclaroline
1.5.4
clarolineclaroline
1.6
clarolineclaroline
1.6_beta:_beta
clarolineclaroline
1.6_rc1:_rc1
clarolineclaroline
1.7
clarolineclaroline
1.7.1
clarolineclaroline
1.7.2
clarolineclaroline
1.7.3
clarolineclaroline
1.7.4
clarolineclaroline
1.7.5
clarolineclaroline
1.7.6
clarolineclaroline
1.7.7
clarolineclaroline
1.8.0
clarolineclaroline
1.8.1
clarolineclaroline
1.8.2
clarolineclaroline
1.8.3
clarolineclaroline
1.8.4
clarolineclaroline
1.8.5
clarolineclaroline
1.8.6
clarolineclaroline
1.8.7
clarolineclaroline
1.8.8
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/31116
http://securityreason.com/securityalert/4020
http://sourceforge.net/project/shownotes.php?release_id=613634
http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10
http://www.securityfocus.com/archive/1/494539/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/43854
https://exchange.xforce.ibmcloud.com/vulnerabilities/43974
http://secunia.com/advisories/31116
http://securityreason.com/securityalert/4020
http://sourceforge.net/project/shownotes.php?release_id=613634
http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10
http://www.securityfocus.com/archive/1/494539/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/43854
https://exchange.xforce.ibmcloud.com/vulnerabilities/43974