CVE-2010-3883: CSRF
First published: Fri Oct 08 2010(Updated: )
Cross-site request forgery (CSRF) vulnerability in the Change Group Permissions module in CMS Made Simple 1.7.1 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests that make permission modifications.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Simple CMS | <=1.7.1 | |
| Simple CMS | =0.10 | |
| Simple CMS | =0.10.3 | |
| Simple CMS | =0.10.4 | |
| Simple CMS | =0.11 | |
| Simple CMS | =0.11-beta5 | |
| Simple CMS | =0.11-beta6 | |
| Simple CMS | =0.11.1 | |
| Simple CMS | =0.11.2 | |
| Simple CMS | =0.12 | |
| Simple CMS | =0.12-beta1 | |
| Simple CMS | =0.12-beta2 | |
| Simple CMS | =0.12.1 | |
| Simple CMS | =0.12.2 | |
| Simple CMS | =0.13-beta1 | |
| Simple CMS | =0.13-beta2 | |
| Simple CMS | =0.13-beta3 | |
| Simple CMS | =1.0 | |
| Simple CMS | =1.0-beta1 | |
| Simple CMS | =1.0-beta2 | |
| Simple CMS | =1.0-beta3 | |
| Simple CMS | =1.0-beta4 | |
| Simple CMS | =1.0-beta5 | |
| Simple CMS | =1.0-beta6 | |
| Simple CMS | =1.0.1 | |
| Simple CMS | =1.0.2 | |
| Simple CMS | =1.0.3 | |
| Simple CMS | =1.0.4 | |
| Simple CMS | =1.0.5 | |
| Simple CMS | =1.0.6 | |
| Simple CMS | =1.0.7 | |
| Simple CMS | =1.0.8 | |
| Simple CMS | =1.1 | |
| Simple CMS | =1.1-rc1 | |
| Simple CMS | =1.1-rc2 | |
| Simple CMS | =1.1-rc3 | |
| Simple CMS | =1.1.1 | |
| Simple CMS | =1.1.2 | |
| Simple CMS | =1.1.3.1 | |
| Simple CMS | =1.1.4.1 | |
| Simple CMS | =1.2 | |
| Simple CMS | =1.2-beta1 | |
| Simple CMS | =1.2-beta2 | |
| Simple CMS | =1.2-beta3 | |
| Simple CMS | =1.2-rc1 | |
| Simple CMS | =1.2.1 | |
| Simple CMS | =1.2.2 | |
| Simple CMS | =1.2.3 | |
| Simple CMS | =1.2.4 | |
| Simple CMS | =1.2.5 | |
| Simple CMS | =1.3 | |
| Simple CMS | =1.3-beta1 | |
| Simple CMS | =1.3-beta2 | |
| Simple CMS | =1.3.1 | |
| Simple CMS | =1.4 | |
| Simple CMS | =1.4-beta1 | |
| Simple CMS | =1.4-beta2 | |
| Simple CMS | =1.4.1 | |
| Simple CMS | =1.5 | |
| Simple CMS | =1.5-beta1 | |
| Simple CMS | =1.5.1 | |
| Simple CMS | =1.5.2 | |
| Simple CMS | =1.5.3 | |
| Simple CMS | =1.5.4 | |
| Simple CMS | =1.6 | |
| Simple CMS | =1.6.1 | |
| Simple CMS | =1.6.2 | |
| Simple CMS | =1.6.3 | |
| Simple CMS | =1.6.4 | |
| Simple CMS | =1.6.5 | |
| Simple CMS | =1.6.6 | |
| Simple CMS | =1.6.7 | |
| Simple CMS | =1.6.8 | |
| Simple CMS | =1.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-3883?
CVE-2010-3883 is classified as a high severity vulnerability due to its potential for allowing unauthorized permission modifications.
How do I fix CVE-2010-3883?
To fix CVE-2010-3883, upgrade CMS Made Simple to version 1.7.2 or later which addresses this CSRF vulnerability.
What systems are affected by CVE-2010-3883?
CVE-2010-3883 affects CMS Made Simple versions 1.7.1 and earlier.
What type of attack is CVE-2010-3883 associated with?
CVE-2010-3883 is associated with Cross-Site Request Forgery (CSRF) attacks that allow unauthorized changes to user permissions.
Can CVE-2010-3883 lead to complete system compromise?
While CVE-2010-3883 can allow an attacker to modify user permissions, it requires a predefined level of access, making complete system compromise dependent on existing user privileges.
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/cmsmadesimple
- canonical/simple cms
- version/simple cms/1.7.1
- version/simple cms/0.10
- version/simple cms/0.10.3
- version/simple cms/0.10.4
- version/simple cms/0.11
- version/simple cms/0.11-beta5
- version/simple cms/0.11-beta6
- version/simple cms/0.11.1
- version/simple cms/0.11.2
- version/simple cms/0.12
- version/simple cms/0.12-beta1
- version/simple cms/0.12-beta2
- version/simple cms/0.12.1
- version/simple cms/0.12.2
- version/simple cms/0.13-beta1
- version/simple cms/0.13-beta2
- version/simple cms/0.13-beta3
- version/simple cms/1.0
- version/simple cms/1.0-beta1
- version/simple cms/1.0-beta2
- version/simple cms/1.0-beta3
- version/simple cms/1.0-beta4
- version/simple cms/1.0-beta5
- version/simple cms/1.0-beta6
- version/simple cms/1.0.1
- version/simple cms/1.0.2
- version/simple cms/1.0.3
- version/simple cms/1.0.4
- version/simple cms/1.0.5
- version/simple cms/1.0.6
- version/simple cms/1.0.7
- version/simple cms/1.0.8
- version/simple cms/1.1
- version/simple cms/1.1-rc1
- version/simple cms/1.1-rc2
- version/simple cms/1.1-rc3
- version/simple cms/1.1.1
- version/simple cms/1.1.2
- version/simple cms/1.1.3.1
- version/simple cms/1.1.4.1
- version/simple cms/1.2
- version/simple cms/1.2-beta1
- version/simple cms/1.2-beta2
- version/simple cms/1.2-beta3
- version/simple cms/1.2-rc1
- version/simple cms/1.2.1
- version/simple cms/1.2.2
- version/simple cms/1.2.3
- version/simple cms/1.2.4
- version/simple cms/1.2.5
- version/simple cms/1.3
- version/simple cms/1.3-beta1
- version/simple cms/1.3-beta2
- version/simple cms/1.3.1
- version/simple cms/1.4
- version/simple cms/1.4-beta1
- version/simple cms/1.4-beta2
- version/simple cms/1.4.1
- version/simple cms/1.5
- version/simple cms/1.5-beta1
- version/simple cms/1.5.1
- version/simple cms/1.5.2
- version/simple cms/1.5.3
- version/simple cms/1.5.4
- version/simple cms/1.6
- version/simple cms/1.6.1
- version/simple cms/1.6.2
- version/simple cms/1.6.3
- version/simple cms/1.6.4
- version/simple cms/1.6.5
- version/simple cms/1.6.6
- version/simple cms/1.6.7
- version/simple cms/1.6.8
- version/simple cms/1.7