CVE-2008-7243: CSRF
First published: Thu Sep 17 2009(Updated: )
Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via manager/index.php. NOTE: due to the lack of details, it is not clear whether this is related to CVE-2008-5941.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MODx CMS Evolution | =0.9.6.1-p1 | |
| MODx CMS Evolution | =0.9.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-7243?
CVE-2008-7243 is considered a high severity vulnerability due to the potential for CSRF attacks that can compromise user accounts.
How do I fix CVE-2008-7243?
To fix CVE-2008-7243, upgrade to a patched version of MODx CMS, or implement CSRF protection measures in your application.
What impact does CVE-2008-7243 have on MODx CMS users?
CVE-2008-7243 allows attackers to hijack the authentication of users, potentially leading to unauthorized password modifications.
Which versions of MODx CMS are affected by CVE-2008-7243?
CVE-2008-7243 affects MODx CMS versions 0.9.6.1 and 0.9.6.1p1.
Is CVE-2008-7243 easily exploitable?
Yes, CVE-2008-7243 is easily exploitable as it relies on CSRF techniques that can be triggered without user interaction.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/modxcms
- canonical/modx cms evolution
- version/modx cms evolution/0.9.6.1-p1
- version/modx cms evolution/0.9.6.1