CVE-2013-7376: CSRF
First published: Wed May 14 2014(Updated: )
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Open edX | =2.8.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-7376?
CVE-2013-7376 has a moderate severity rating due to its potential to allow remote attackers to hijack administrator authentication.
How do I fix CVE-2013-7376?
To fix CVE-2013-7376, it is recommended to apply patches provided by OpenX or upgrade to a later version that addresses these vulnerabilities.
What systems are affected by CVE-2013-7376?
CVE-2013-7376 specifically affects OpenX version 2.8.10 and potentially earlier revisions.
What type of attacks are possible due to CVE-2013-7376?
CVE-2013-7376 allows for cross-site request forgery (CSRF) attacks, which can lead to unauthorized actions performed on behalf of an authenticated user.
Who can exploit CVE-2013-7376?
CVE-2013-7376 can be exploited by remote attackers with the ability to craft malicious requests to target the vulnerable OpenX installation.
- agent/type
- agent/tags
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/event
- vendor/openx
- canonical/open edx
- version/open edx/2.8.10