CVE-2010-2294

Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and possibly earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
pxsystemplume-cms
𝑥
≤ 1.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/40133
http://www.securityfocus.com/archive/1/511761/100/0/threaded
http://www.vupen.com/english/advisories/2010/1430
https://exchange.xforce.ibmcloud.com/vulnerabilities/59308
http://secunia.com/advisories/40133
http://www.securityfocus.com/archive/1/511761/100/0/threaded
http://www.vupen.com/english/advisories/2010/1430
https://exchange.xforce.ibmcloud.com/vulnerabilities/59308