CVE-2008-6585

EUVD-2008-6548
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
torrentfluxtorrentflux
2.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
torrentflux
dapper
dne
gutsy
ignored
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
Common Weakness Enumeration
References
http://osvdb.org/44646
http://secunia.com/advisories/29935
http://www.securityfocus.com/archive/1/491066/100/0/threaded
http://www.securityfocus.com/bid/28846
https://exchange.xforce.ibmcloud.com/vulnerabilities/41926
http://osvdb.org/44646
http://secunia.com/advisories/29935
http://www.securityfocus.com/archive/1/491066/100/0/threaded
http://www.securityfocus.com/bid/28846
https://exchange.xforce.ibmcloud.com/vulnerabilities/41926