6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities

Hacker Research Topics

stock-footage-digital-code-binary-computer-background-series-version-from-to

6kbbs v8.0 Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities

Exploit Title: 6kbbs Multiple CSRF (Cross-Site Request Forgery) Security Vulnerabilities

Vendor: 6kbbs

Product: 6kbbs

Vulnerable Versions: v7.1 v8.0

Tested Version: v7.1 v8.0

Advisory Publication: April 02, 2015

Latest Update: April 02, 2015

Vulnerability Type: Cross-Site Request Forgery (CSRF) [CWE-352]

CVE Reference: *

CVSS Severity (version 2.0):

CVSS v2 Base Score: 6.8 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 8.6

Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]

Suggestion Details:

(1) Vendor & Product Description:


Vendor:

6kbbs

Product & Vulnerable Versions:

6kbbs

v7.1

v8.0

Vendor URL & download:

6kbbs can be gain from here,

http://www.6kbbs.com/download.html

http://en.sourceforge.jp/projects/sfnet_buzhang/downloads/6kbbs.zip/

Product Introduction Overview:

“6kbbs V8.0 is a PHP + MySQL built using high-performance forum, has the code simple, easy to use, powerful, fast and so on. It is an excellent community forum program. The program is simple but not simple; fast, small…

View original post 407 more words

Advertisements
This entry was posted in Articles and tagged , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s