CVE-2008-0508 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Permalinks Migration Plugin

Configuration 1 [-]

cpe:2.3:a:wordpress:permalinks_migration_plugin:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://g30rg3x.com/wp-files/dpm_11gx.zip
http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10
http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt
http://secunia.com/advisories/28593
http://securityreason.com/securityalert/3595
http://www.securityfocus.com/archive/1/486840/100/0/threaded
http://www.vupen.com/english/advisories/2008/0281
https://exchange.xforce.ibmcloud.com/vulnerabilities/39845

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-31T19:30:00

Updated: 2024-08-07T07:46:54.872Z

Reserved: 2008-01-31T00:00:00

Link: CVE-2008-0508

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-01-31T20:00:00.000

Modified: 2018-10-15T22:00:58.490

Link: CVE-2008-0508

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://g30rg3x.com/wp-files/dpm_11gx.zip"}, {"tags": ["x_refsource_MISC"], "url": "http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10"}, {"name": "permalinks-deanpmconfig-csrf(39845)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39845"}, {"name": "ADV-2008-0281", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0281"}, {"name": "20080122 XSRF under Deanâ??s Permalinks Migration 1.0", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/486840/100/0/threaded"}, {"name": "28593", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28593"}, {"name": "3595", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3595"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0508", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt", "refsource": "MISC", "url": "http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt"}, {"name": "http://g30rg3x.com/wp-files/dpm_11gx.zip", "refsource": "MISC", "url": "http://g30rg3x.com/wp-files/dpm_11gx.zip"}, {"name": "http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10", "refsource": "MISC", "url": "http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10"}, {"name": "permalinks-deanpmconfig-csrf(39845)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39845"}, {"name": "ADV-2008-0281", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0281"}, {"name": "20080122 XSRF under Deanâ??s Permalinks Migration 1.0", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/486840/100/0/threaded"}, {"name": "28593", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28593"}, {"name": "3595", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3595"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:46:54.872Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://g30rg3x.com/wp-files/dpm_11gx.zip"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10"}, {"name": "permalinks-deanpmconfig-csrf(39845)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39845"}, {"name": "ADV-2008-0281", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0281"}, {"name": "20080122 XSRF under Deanâ??s Permalinks Migration 1.0", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/486840/100/0/threaded"}, {"name": "28593", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28593"}, {"name": "3595", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3595"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0508", "datePublished": "2008-01-31T19:30:00", "dateReserved": "2008-01-31T00:00:00", "dateUpdated": "2024-08-07T07:46:54.872Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:permalinks_migration_plugin:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "21305F73-180E-4B2A-8665-494339442E5C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a deans_permalinks_migration.php action to wp-admin/options-general.php, as demonstrated by placing an XSS sequence in this setting."}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en deans_permalinks_migration.php en el plugin Dean's Permalinks Migration 1.0 para WordPress, permite a atacantes remotos modificar la configuraci\u00f3n de oldstructure (tambi\u00e9n conocido como dean_pm_config[oldstructure]) como administradores a trav\u00e9s del par\u00e1metro old_struct en una acci\u00f3n deans_permalinks_migration.php a wp-admin/options-general.php, como se demostr\u00f3 poniendo una secuencia XSS en este ajuste de la configuraci\u00f3n."}], "id": "CVE-2008-0508", "lastModified": "2018-10-15T22:00:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-01-31T20:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://g30rg3x.com/wp-files/dpm_11gx.zip"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://g30rg3x.com/xsrf-bajo-deans-permalinks-migration-10"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstorm.linuxsecurity.com/0801-advisories/deans-xsrf.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28593"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3595"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/486840/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0281"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39845"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}