CVE-2008-3736

Published: Aug 27, 2008Modified: Apr 23, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (a) change passwords or (b) change configurations.

Affected (2)

Products: Spacetag: Lacoodast · System Consultants: La Cooda Wiz

1 product

System Consultants

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Spacetag Lacoodast	Up to 2.1.3
System Consultants La Cooda Wiz	Up to 1.4.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (12)

http://jvn.jp/en/jp/JVN83428818/index.html

Source: cve@mitre.org

http://secunia.com/advisories/31574

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/31582

Source: cve@mitre.org

Vendor Advisory

http://wiz.syscon.co.jp/Details.htm

Source: cve@mitre.org

http://www.securityfocus.com/bid/30791

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/44592

Source: cve@mitre.org

http://jvn.jp/en/jp/JVN83428818/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/31574

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/31582

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://wiz.syscon.co.jp/Details.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30791

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/44592

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.