CVE-2008-4448

Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions.

Published: Oct 6, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-4448
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
positive_software / h-sphere	4.3.10	4.3.10.x

http://packetstormsecurity.org/0810-exploits/webshell431-xssxsrf.txt
http://secunia.com/advisories/32086
https://exchange.xforce.ibmcloud.com/vulnerabilities/45614

Vulnerability Database

289,871

CVE-2008-4448