CVE-2010-2282

Tomatocms - CSRF

Title source: rule

Description

Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password.

Exploits (1)

exploitdb WORKING POC

by 10n1z3d · htmlwebappsphp

https://www.exploit-db.com/exploits/14331

View Code ZIP pw:eip

References (2)

[Various Sources] http://holisticinfosec.org/content/view/148/45/

[Vendor Advisory] http://secunia.com/advisories/39680

Scores

EPSS 0.0005

EPSS Percentile 14.7%

Details

CWE

CWE-352

Status published

Products (1)

tomatocms/tomatocms 2.0.6

Published Jun 15, 2010

Tracked Since Feb 18, 2026