CVE-2008-6478: CSRF
First published: Mon Mar 16 2009(Updated: )
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Parallels Virtuozzo Containers | =3.0.0-25.4.swsoft | |
| Parallels Virtuozzo Containers | =4.0.0-365.6.swsoft |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/parallels
- canonical/parallels virtuozzo containers
- version/parallels virtuozzo containers/3.0.0-25.4.swsoft
- version/parallels virtuozzo containers/4.0.0-365.6.swsoft