Unrated severityNVD Advisory· Published Apr 20, 2009· Updated Apr 23, 2026

CVE-2008-6729

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in password.php in PHPmotion 2.1 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that modify an account via the (1) password or (2) email_address parameter.

Affected products

Phpmotion/Phpmotion3 versions
cpe:2.3:a:phpmotion:phpmotion:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:phpmotion:phpmotion:*:*:*:*:*:*:*:*range: <=2.1
- cpe:2.3:a:phpmotion:phpmotion:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpmotion:phpmotion:2.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/33309nvdVendor Advisory
osvdb.org/50999nvd
exchange.xforce.ibmcloud.com/vulnerabilities/47585nvd
www.exploit-db.com/exploits/7557nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000