CVE-2008-6480

Datalife Engine 6.7 - Cross-Site Request Forgery via Image Parameter

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use a modified image parameter.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41598
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490372/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51107

Scores

EPSS 0.0057
EPSS Percentile 43.4%

Details

CWE
CWE-352
Status published
Products (1)
softnews_media_group/datalife_engine 6.7
Published Mar 16, 2009
Tracked Since Feb 18, 2026