CVE-2013-7259

Neo4J < 2.2.0-M01 - Cross-Site Request Forgery via GremlinPlugin or Console Endpoint


Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.

References (4)

Core References
Mailing list (x_refsource_mlist): http://www.openwall.com/lists/oss-security/2014/01/03/8
Mailing list (x_refsource_mlist): http://www.openwall.com/lists/oss-security/2014/01/03/3

Scores

EPSS 0.0125
EPSS Percentile 65.8%

Details

CWE
CWE-352 CWE-78
Status published
Products (2)
neo4j/neo4j 1.9.2
org.neo4j/neo4j 0 - 2.2.0-M01 (Maven)
Published Apr 29, 2014
Tracked Since Feb 18, 2026