CVE-2014-6299
medium
CVSS v3: —
CVSS v2: 6.8
VIR risk: 6.8
Description
Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/
Vendor advisory: cve@mitre.org — http://typo3.org/extensions/repository/view/mm_forum
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mm_forum_project | mm_forum | up to and including 1.9.2 | |
| mm_forum_project | mm_forum | 0.1.0 | |
| mm_forum_project | mm_forum | 0.1.1 | |
| mm_forum_project | mm_forum | 0.1.2 | |
| mm_forum_project | mm_forum | 0.1.3 | |
| mm_forum_project | mm_forum | 0.1.4 | |
| mm_forum_project | mm_forum | 0.1.5 | |
| mm_forum_project | mm_forum | 0.1.6 | |
| mm_forum_project | mm_forum | 0.1.7 | |
| mm_forum_project | mm_forum | 0.1.8 | |
| mm_forum_project | mm_forum | 1.8.1 | |
| mm_forum_project | mm_forum | 1.8.2 | |
| mm_forum_project | mm_forum | 1.8.3 | |
| mm_forum_project | mm_forum | 1.9.0 | |
| mm_forum_project | mm_forum | 1.9.1 | |
References
CWEs
CWE-352