CVE-2014-4718

medium

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.

References

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5188.php

http://www.securityfocus.com/bid/68153

http://secunia.com/advisories/59411

http://osvdb.org/show/osvdb/108351

http://osvdb.org/show/osvdb/108350

http://lunarcms.com/Get.html

Details

Source: Mitre, NVD

Published: 2014-07-03

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.02854