CVE-2008-7243

Published: Sep 17, 2009Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via manager/index.php. NOTE: due to the lack of details, it is not clear whether this is related to CVE-2008-5941.

Affected (2)

Products: Modxcms: Modxcms

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Modxcms Modxcms	Version 0.9.6.1
Modxcms Modxcms	Version 0.9.6.1 p1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (8)

http://secunia.com/advisories/28840

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/487696/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/27672

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/40378

Source: cve@mitre.org

http://secunia.com/advisories/28840

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/487696/100/200/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/27672

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/40378

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.