CVE-2013-2713 - Vulnerability Details - OpenCVE

Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Krisonav	Krisonav

Configuration 1 [-]

OR	cpe:2.3:a:krisonav:krisonav::::::::
	cpe:2.3:a:krisonav:krisonav:0.9.3:::::::*
	cpe:2.3:a:krisonav:krisonav:0.9.4:::::::*
	cpe:2.3:a:krisonav:krisonav:0.9.5:::::::*
	cpe:2.3:a:krisonav:krisonav:0.9.6:::::::*
	cpe:2.3:a:krisonav:krisonav:0.9.7:::::::*
	cpe:2.3:a:krisonav:krisonav:1.0.0:beta::::::
	cpe:2.3:a:krisonav:krisonav:1.0.1:::::::*
	cpe:2.3:a:krisonav:krisonav:1.0.2:::::::*
	cpe:2.3:a:krisonav:krisonav:1.1.35:::::::*
	cpe:2.3:a:krisonav:krisonav:2.0.1:beta::::::
	cpe:2.3:a:krisonav:krisonav:2.1.3:::::::*
	cpe:2.3:a:krisonav:krisonav:2.1.5:::::::*
	cpe:2.3:a:krisonav:krisonav:2.1.6:::::::*
	cpe:2.3:a:krisonav:krisonav:3.0.0:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2013-04/0184.html
http://www.exploit-db.com/exploits/24965
http://www.krisonav.com/index.php?module=articles_show&articles_id=release-notes
http://www.securityfocus.com/bid/59273
https://www.htbridge.com/advisory/HTB23150

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-05-23T14:00:00

Updated: 2024-08-06T15:44:33.543Z

Reserved: 2013-03-27T00:00:00

Link: CVE-2013-2713

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-05-23T14:55:10.367

Modified: 2024-11-21T01:52:12.990

Link: CVE-2013-2713

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-03-31T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-05-23T13:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.htbridge.com/advisory/HTB23150"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.krisonav.com/index.php?module=articles_show&articles_id=release-notes"}, {"name": "24965", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/24965"}, {"name": "59273", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/59273"}, {"name": "20130417 Multiple Vulnerabilities in KrisonAV CMS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0184.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2713", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.htbridge.com/advisory/HTB23150", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23150"}, {"name": "http://www.krisonav.com/index.php?module=articles_show&articles_id=release-notes", "refsource": "CONFIRM", "url": "http://www.krisonav.com/index.php?module=articles_show&articles_id=release-notes"}, {"name": "24965", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/24965"}, {"name": "59273", "refsource": "BID", "url": "http://www.securityfocus.com/bid/59273"}, {"name": "20130417 Multiple Vulnerabilities in KrisonAV CMS", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0184.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:44:33.543Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.htbridge.com/advisory/HTB23150"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.krisonav.com/index.php?module=articles_show&articles_id=release-notes"}, {"name": "24965", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/24965"}, {"name": "59273", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/59273"}, {"name": "20130417 Multiple Vulnerabilities in KrisonAV CMS", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0184.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2713", "datePublished": "2014-05-23T14:00:00", "dateReserved": "2013-03-27T00:00:00", "dateUpdated": "2024-08-06T15:44:33.543Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:krisonav:krisonav:*:*:*:*:*:*:*:*", "matchCriteriaId": "457C6D64-CD71-49CB-A1BF-070313D49978", "versionEndIncluding": "3.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "25E02653-52ED-4186-91F7-C4F04667139F", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "EC129E1E-1ACD-4F71-9F95-A44BE33F3CEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "934C60EE-52D9-447C-9132-5D8DD22CE445", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "D5BE7610-4568-42DA-B833-5719C7D45D30", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "EB1FCA16-2F22-4962-9EB1-12221035330E", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:1.0.0:beta:*:*:*:*:*:*", "matchCriteriaId": "BFE4A8C1-6789-4281-B868-4F6D3D76F628", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D1DEDA1-6F7D-4281-B467-974382C65111", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D6B0D4A0-40FD-421E-B6EC-58276A500A78", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:1.1.35:*:*:*:*:*:*:*", "matchCriteriaId": "24585362-1048-4B2B-B8E9-7AF08B4DA75E", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:2.0.1:beta:*:*:*:*:*:*", "matchCriteriaId": "F63A9E96-4F5D-47E9-91EF-D1A131CE4142", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "95AF76A9-7E36-41AA-B216-4D0830A543C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "DE61C27A-0972-45EF-A8D8-8A562F21386B", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:2.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "1E2AED87-9E47-4C68-A876-7845DD327C2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:krisonav:krisonav:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5F5B4EEC-E69A-40A2-A7CB-AE5E5D4547D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en users_maint.html en KrisonAV CMS anterior a 3.0.2 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que crean cuentas de usuarios a trav\u00e9s de un solicitud manipulada."}], "id": "CVE-2013-2713", "lastModified": "2024-11-21T01:52:12.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-05-23T14:55:10.367", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0184.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/24965"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.krisonav.com/index.php?module=articles_show&articles_id=release-notes"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/59273"}, {"source": "cve@mitre.org", "url": "https://www.htbridge.com/advisory/HTB23150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0184.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/24965"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.krisonav.com/index.php?module=articles_show&articles_id=release-notes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/59273"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.htbridge.com/advisory/HTB23150"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}