CVE-2008-6729

Published: Apr 20, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.

Affected (3)

Products: Phpmotion: Phpmotion

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Phpmotion Phpmotion	Up to 2.1
Phpmotion Phpmotion	Version 1.0
Phpmotion Phpmotion	Version 2.0

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://osvdb.org/50999

Source: cve@mitre.org

http://secunia.com/advisories/33309

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/47585

Source: cve@mitre.org

https://www.exploit-db.com/exploits/7557

Source: cve@mitre.org

http://osvdb.org/50999

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33309

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/47585

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/7557

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.