CVE-2015-2143

HIGH

Phpbugtracker < 1.6.0 - CSRF

Title source: rule

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to hijack the authentication of users for requests that cause an unspecified impact via unknown parameters.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/36160

View Code ZIP pw:eip

References (1)

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2015/02/28/1

Scores

CVSS v3 8.8

EPSS 0.0019

EPSS Percentile 41.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (1)

phpbugtracker_project/phpbugtracker < 1.6.0

Published Oct 06, 2017

Tracked Since Feb 18, 2026