CVE-2008-6729

high

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.

References

https://www.exploit-db.com/exploits/7557

https://exchange.xforce.ibmcloud.com/vulnerabilities/47585

http://secunia.com/advisories/33309

http://osvdb.org/50999

Details

Source: Mitre, NVD

Published: 2009-04-20

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00117